Solved getent passwd or group alone does not list all AD entries when sssd in use

Solved issue

DoupageCoupage

New Member
Joined
Apr 18, 2024
Messages
2
Reaction score
1
Credits
22
Hello everybody, I came across a difference on how getent returns users and groups differently on sssd- and VAS-based systems.
Here is the behaviour.

RHEL7 - getent passwd/group (with no other parameters) will list all AD users/groups
nsswitch config:
passwd: files vas4
group: files vas4

RHEL8 - getent passwd/group (with no other parameters) will list only all local users/groups, but getent passwd/group [user/group] lists user/group specific information correctly. It just wouldn't list all the users/groups as it happened on RHEL7 using VAS.
nsswitch config:
passwd: files sss systemd
group: files sss systemd

Can someone explain the difference in behaviour please?
 
Last edited:


Looks like I will answer the question myself. :)

This is due to enumeration being disabled by default for sssd.

[domain/ldap]
enumerate = False
 
Congrats and welcome.

If this is solved you can mark it as same by editing your first Post.

Cheers

Chris Turner
wizardfromox
 

Members online

No members online now.

Top