On 18 July 2016 at 18:26, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Mon, Jul 18, 2016 at 09:33:35AM +1000, Lachlan Musicman wrote:
> > Ok, I've just spoken with my colleague that has been involved in the IPA
> > roll out, and he said he thought that override_space wasn't compatible
> > ID overrides?
> I haven't tested that to be honest. But just using my knowledge of the
> code as a basis, I would say the two should be compatible, especially
> with 1.14.0 where we decoupled the output from how we store users. But
> again, I haven't tested any of this.
> > Either way, since we have a working system we are reticent to make too
> > changes - soon we will have a test system in place and I will be able to
> > check it then?
> selinux_provider=none should be an easy workaround if you don't use the
> SELinux labels. I still have an item on my todo list to test this
> locally, I think I will get to that this week.
For what it's worth, we implemented the override_space=_ option.
This has failed, of course, because we had a user with an _ in their
username, and sssd went looking for test user instead of test_user, which
caused all kinds of issues.
We have gone back to selinux_provider=none
The most dangerous phrase in the language is, "We've always done it this
- Grace Hopper
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project