On Thu, Jun 14, 2018 at 02:33:22PM +0200, John Hearns wrote: > We have an existing set of users in a local passwd file > I want to run sss_override to create mappings from the AD SID numbers to > the existing uid numbers. > > What is the concensus on running sss_override? > I can script it to either parse through the existing passwd file and make > an override entry per user, > or to parse the file and create an import file which is run once with > import-user > > But when is a good time to run this? > > In a daily cron job > > When sssd is started, which would involve editing the systemd unit file > > Creating a new systemd service which depends on sssd.service . This service > runs sss_override and then restarts sssd.service > > Or am I misunderstanding something? > > I am assuming here we have on-disk sssd databases. If the databases are on > a tmpfs then clearly the sss_override must be run at boot time by one of > the above methods also.
As long as the cache file in /var/lib/sss/db is not removed it should be sufficient to run sss_override for each user once and then the override data should stay in the cache. I once got a report that the link between the original user data and the override data got lost, but I wasn't able to reproduce this so far. It is always a good idea to call user-export/group-export to have a backup file around. HTH bye, Sumit > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/TMGIPZGSONS6Q62RGKFBI5EDZ7GPCEUU/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/R3L7BBZGZ5URRV7VYSBIUMRSKVZRYIMJ/