On 18 July 2016 at 18:26, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Mon, Jul 18, 2016 at 09:33:35AM +1000, Lachlan Musicman wrote:
> > Ok, I've just spoken with my colleague that has been involved in the IPA
> > roll out, and he said he thought that override_space wasn't compatible with
> > ID overrides?
>
> I haven't tested that to be honest. But just using my knowledge of the
> code as a basis, I would say the two should be compatible, especially
> with 1.14.0 where we decoupled the output from how we store users. But
> again, I haven't tested any of this.
>
> > Either way, since we have a working system we are reticent to make too many
> > changes - soon we will have a test system in place and I will be able to
> > check it then?
>
> selinux_provider=none should be an easy workaround if you don't use the
> SELinux labels. I still have an item on my todo list to test this
> locally, I think I will get to that this week.

For what it's worth, we implemented the override_space=_ option. This has failed, of course, because we had a user with an _ in their username, and sssd went looking for test user instead of test_user, which caused all kinds of issues.

We have gone back to selinux_provider=none

L.

------
The most dangerous phrase in the language is, "We've always done it this way."

- Grace Hopper

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
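
An added example, not part of the original thread and not SSSD's own code: a pre-flight check over directory names for a candidate override_space character, covering the failure reported above where test_user was looked up as test user. The reverse-substitution model, the sample names and the candidate list are assumptions constructed for illustration.

```python
from collections import defaultdict

def audit_override_space(names, replacement="_"):
    """Audit directory names against a candidate override_space character.

    Returns (ambiguous, collisions):
      ambiguous  - names that already contain the replacement character, so
                   turning the replacement back into a space yields a
                   different name (assumed model of the reported failure).
      collisions - substituted name -> distinct directory names that map to it.
    """
    if len(replacement) != 1 or replacement.isspace():
        raise ValueError("replacement must be a single non-space character")
    ambiguous = sorted(n for n in names if replacement in n)
    by_output = defaultdict(set)
    for n in names:
        by_output[n.replace(" ", replacement)].add(n)
    collisions = {out: sorted(src) for out, src in by_output.items()
                  if len(src) > 1}
    return ambiguous, collisions

def unused_candidates(names, candidates="_-.^"):
    """Candidate characters (arbitrary list) that occur in no directory name."""
    used = set("".join(names))
    return [c for c in candidates if c not in used]

# Constructed sample: in practice, feed in every user and group name
# exported from the directory (trusted domains included).
SAMPLE_NAMES = ["test_user", "domain users", "jsmith",
                "backup admin", "backup_admin"]

if __name__ == "__main__":
    ambiguous, collisions = audit_override_space(SAMPLE_NAMES, "_")
    for name in ambiguous:
        print(f"ambiguous: {name!r} could be looked up as "
              f"{name.replace('_', ' ')!r}")
    for out, sources in collisions.items():
        print(f"collision: {sources} all appear as {out!r}")
    print("characters not present in any name:",
          unused_candidates(SAMPLE_NAMES))
```

An empty `ambiguous` list and an empty `collisions` map are the precondition for enabling the option with that character; names created later need the same check.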