0

A central LDAP server provides user data as posixAccount, whereby the attributes homeDirectory and loginShell are empty. I want to allow users in this central LDAP server to access a Linux system.

If I use syncrepl to replicate the data to a local LDAP server, I can use sssd to set the homeDirectory. I could also use sssd to set everyone's loginShell to, say, /usr/bin/bash.

However, I would like to be able to set loginShell on a per-user basis, mainly to allow setting the shell to /sbin/nologin in order to lock individual users out of the system.

Is it possible to combine replicated data with local data in this way? If so, how?

loris

1 Answer

1

Take a look at overlay slapo-translucent.

  • That looks like the answer to my question, thanks. However, could I also just exclude `loginShell` and `homeDirectory` from the attributes to be synced? – loris Nov 11 '21 at 07:30
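
A sketch of the translucent setup the answer points to, added here as an example and not taken from the answer or the asker's configuration: a local slapd database proxies the central server and overlays locally stored `loginShell` and `homeDirectory` values on the remote entries. The suffix, host name, DNs, paths and the user `jdoe` are placeholder assumptions.

```conf
# slapd.conf fragment for the LOCAL server (added example; all names are placeholders)

# Only needed when back-ldap and the overlay are built as dynamic modules
moduleload  back_ldap
moduleload  translucent

# Local database that stores only the per-user overrides
database    mdb
suffix      "dc=example,dc=com"                   # assumption: must match the central suffix
rootdn      "cn=trans,dc=example,dc=com"          # assumption: local admin identity
rootpw      REPLACE_WITH_HASH_FROM_SLAPPASSWD     # placeholder, never store cleartext
directory   /var/lib/ldap/translucent             # assumption: local data directory
index       objectClass eq

# Entries come from the central server; attributes stored locally take precedence
overlay     translucent
# Also evaluate search filters on these attributes against the local database
translucent_local loginShell,homeDirectory

# back-ldap settings the overlay uses to reach the central server
uri         ldaps://central.example.com           # assumption: central LDAP URI
lastmod     off
acl-bind    bindmethod=simple
            binddn="cn=reader,dc=example,dc=com"
            credentials="REPLACE_ME"

# Per-user lockout: write the override to THIS server, bound as the rootdn above.
# The central entry is left untouched. LDIF for ldapmodify:
#
#   dn: uid=jdoe,ou=people,dc=example,dc=com
#   changetype: modify
#   replace: loginShell
#   loginShell: /sbin/nologin
#
# Point sssd (ldap_uri) at this local server so it resolves the merged entries.
```

Users without a local override still come back with an empty `loginShell`, so a default for them has to come from elsewhere, such as the sssd setting mentioned in the question.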