Hide Forgot
2. What is the nature and description of the request? sssd lacks nss_override_attribute_value loginshell option , This is available in nss_ldap to define default shell systemwide for all ldap accounts with entry nss_override_attribute_value loginshell /bin/bash In RHEL6 sssd lacks this feature. 3. Why does the customer need this? (List the business requirements here) The lack of this feature is preventing the use of sssd and the migration to RHEL6 in our unit. In our campus, we do not manage or can change all attributes in the ldap server as some legacy systems require certain values. For some reason, the default shell is ksh which is not the desired one for all users in our unit. In RHEL 5.x we could override that with nss_ldap as I mentioned before: nss_override_attribute_value loginshell /bin/bash As a workaround to be able to use RHEL6, we could use nslcd which does have an override option, however nslcd does not support multiple domains like sssd does. In nslcd, one can use the configuration option: map passwd loginshell "/bin/bash" to set the default shell for all accounts regardless of their ldap entry. It is a bit of an overlook that an option that was available in nss_ldap and nslcd is not available in sssd, which is supposed to replace them. I think that if an RFE is entered, it should be about implementing the ability to override all attribute values as they were available nss_ldap using the configuration option: nss_override_attribute_value I would say impact is High since we cannot use sssd as desired, even when we could make it work with nslcd. 4. How would the customer like to achieve this? (List the functional requirements here) Add a similar option like " nss_override_attribute_value " in sssd. 5. For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Specify the option "nss_override_attribute_value loginshell" in sssd.conf which would override the shell value described in "LoginShell" in ldap user entries. 6. Is there already an existing RFE upstream or in Red Hat bugzilla? No 7. How quickly does this need resolved? (desired target release) RHEL6 Update 2 8. Does this request meet the RHEL Inclusion criteria (please review) Not sure. 9. List the affected packages sssd 10. Would the customer be able to assist in testing this functionality if implemented? yes
SSSD upstream has this on their list of planned enhancements to the product: https://fedorahosted.org/sssd/ticket/742 It is currently slated for inclusion in SSSD 1.6.0 (scheduled for a first week of July release). We are certainly aware that this is a much-desired feature.
Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 52.el6 Build Date: Tue 20 Sep 2011 09:11:03 PM IST Install Date: Mon 26 Sep 2011 05:56:30 PM IST Build Host: x86-010.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-52.el6.src.rpm Size : 3550647 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html