16.3. ID Views on the Client Side

Important

ID views can only be used on Red Hat Enterprise Linux 6 clients running Red Hat Enterprise Linux 6.7 or later.
The client must be enrolled with an IdM server based on Red Hat Enterprise Linux 7.1 or later to benefit from this functionality.
On the client side, the client itself determines to which ID view it belongs after the client system is started or restarted. The client then begins to use the data defined by the applied ID view. Because ID views are applied on the client side, clients running Red Hat Enterprise Linux 7.0 and earlier versions of IdM only see the Default Trust View. If a client requires a different ID view, update SSSD on the client to a version with ID View support or have the client use the compat LDAP tree.
Whenever the administrator applies another ID view on a client, the client and all the other clients applying this ID view must restart the SSSD service.
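One way to carry out the restart described above, shown as an added example that is not part of the original documentation. The function names `hosts_for_view` and `restart_view_clients` are hypothetical. The script assumes a valid administrator Kerberos ticket, root SSH access to the clients, and that `ipa idview-show --show-hosts` lists the hosts comma-separated on a single "Hosts the view applies to:" line.

```shell
#!/bin/sh
# Added example (not from the original page): restart SSSD on every client
# that applies a given ID view, as required after the view is changed.

# Read `ipa idview-show VIEW --show-hosts` output on stdin and print one
# host per line. Assumption: hosts are listed comma-separated on the
# "Hosts the view applies to:" line. Names that do not look like host
# names are dropped so nothing unexpected reaches the ssh command line.
hosts_for_view() {
    sed -n 's/^ *Hosts the view applies to: *//p' |
        tr ',' '\n' |
        sed 's/^ *//; s/ *$//' |
        grep -E '^[A-Za-z0-9][A-Za-z0-9.-]*$'
}

# Command run on each client: systemd on RHEL 7, SysV init on RHEL 6.
REMOTE_RESTART='if command -v systemctl >/dev/null 2>&1; then
  systemctl restart sssd; else service sssd restart; fi'

# Restart SSSD on all clients of the view; report hosts that failed.
# Assumptions: a valid admin Kerberos ticket and root SSH access to clients.
restart_view_clients() {
    view=$1
    failed=0
    for host in $(ipa idview-show "$view" --show-hosts | hosts_for_view); do
        if ssh -n -o BatchMode=yes "root@$host" "$REMOTE_RESTART"; then
            echo "restarted sssd on $host"
        else
            echo "FAILED on $host" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when a view name is given on the command line.
if [ "$#" -gt 0 ]; then
    restart_view_clients "$1"
fi
```

A non-zero exit status means at least one client still runs with the previous ID view data and needs a manual SSSD restart.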

Note

Applying an ID view can have a negative impact on SSSD performance because certain optimizations and ID views cannot run at the same time.
For example, ID views prevent SSSD from optimizing the process of looking up groups on the server. With ID views, SSSD must check every member on the returned list of group member names if the group name is overridden. Without ID views, SSSD can simply collect the user names from the member attribute of the group object. This negative effect will most likely become apparent when the SSSD cache is empty or when all entries are invalid, that is, after clearing the cache.