Linux LDAP – Edit Home Directory for LDAP User

ldaplinuxpasswdsssd

I have an LDAP user who accesses a server based on having the appropriate LDAP host attribute via sssd. This user does not show up in /etc/passwd because he is not local. How do I modify his home dir location if he has already logged in and it was created in the default location? RHEL 6 Is it just usermod -d /new/location -m?

Best Answer

This is actually shockingly easy. If your nsswitch is files ldap; just add an entry for them in /etc/passwd and modify whatever parameter you want. If they don't already exist in /etc/passwd, you could do getent passwd <username> | sed 's|/home/<username>|/home/remoteusers/<username>|g' >> /etc/passwd for instance to change their home directory from the root of /home to a subfolder of home called remoteusers. The caveat is that you cannot use useradd or usermod, you must edit the file with an editor.

Related Solutions

Restrict ssh login from LDAP to users who have a /home directory

Because the management of access would require a lot of work arounds on the local host we decided just to create a group in Active Directory and restrict logins to users in that group.

This can be done by editing the /etc/security/pam_winbind.conf file with the following field with the SIDs of the groups or users we want to restrict access to (comma separated).

require_membership_of=

We then will filter our chroot restrictions to that group (or put the users to a local group) to restrict their sftp access to their own home directories. This will also allow us to add the oddjobs mkhomedir back to pam and then to allow access to the server we just have to add the user to that group. They can then log in and their home dir will be created automatically.

Thanks everyone for the help/ideas but it looks like AD groups will be the easiest to manage after all.

Best Answer

Related Solutions

Restrict ssh login from LDAP to users who have a /home directory

Related Question