From: Jonathan Vaughn <jonathan@creatuity.com>
Reply-To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: Thursday, March 6, 2014 2:21 PM
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Subject: Re: [389-users] Local accounts vs 389 DS users

Assuming you use SSSD, If you change /etc/nsswitch.conf to be 'sss files' rather than 'files sss' for passwd / shadow / group, it will use SSSD first before local. You could also simply remove them from the /etc/[passwd/shadow/group] files too and use only LDAP via SSSD...

On Thu, Mar 6, 2014 at 12:57 PM, Chaudhari, Rohit K. <Rohit.Chaudhari@jhuapl.edu> wrote:

I have a user that I have set locally on a Red Hat machine. I store that user in LDAP with the same Posix attributes, but their password differs. When I log in from the Red Hat machine, it uses the local cached credentials of that user (LDAP password and credentials never seem to matter). How can I synchronize the local and ldap version of the user so that I don't have to create it locally AND on LDAP on every single remote machine?

Thanks,

R

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users