Is it possible to overlay local LDAP attributes on top of a replicated tree?

authentication login ldap sssd

A central LDAP server provides user data as posixAccount, whereby the attributes homeDirectory and loginShell are empty. I want allow users in this central LDAP server to access a Linux system.

If I use syncrepl to replicate the data to a local LDAP server, I can use sssd to set the homeDirectory. I could also use sssd to set everyone's loginShell to, say, /usr/bin/bash.

However, I would like to be able to set loginShell on a per-user basis, mainly to allow setting the shell to /sbin/nologin in order to lock individual users out of the system.

Is it possible to combine replicated data with local data in this way? If so, how?


Solution 1:

Take a look at overlay slapo-translucent.

Related

How to recover a deleted/replaced HFS+ partition from external drive?
Mail.app in OS X — IMAP and Archive Mailbox subfolder creation
How to manually trigger background image change?
How can you reset security questions on an Apple ID when you have the password, but the security email is incorrect?
Making a program use a specific network interface
Missing lock icon in System Preferences->Sharing on El Capitan
connecting a PS2 keyboard to Mac
Is it possible to dual-boot Mac OS X 10.7 Lion and Mac OS X 10.8 Mountain Lion?
Add PDFs to iBooks, without making a copy to com.apple.BKAgentService folder
Is it possible to run Mountain Lion on older hardware by using a virtualization solution?
Script opens two terminal windows
Bluetooth Headphone constantly disconnecting