Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

Chapter 18. ID Views

ID views enable you to specify new values for POSIX user or group attributes, as well as to define on which client host or hosts the new values will apply.
For example, you can use ID views to:
Important
You can apply ID views only to IdM clients, not to IdM servers.

Potential Negative Impact on SSSD Performance

Applying an ID view can have a negative impact on SSSD performance, because certain optimizations and ID views cannot run at the same time. For example, ID views prevent SSSD from optimizing the process of looking up groups on the server:
  • With ID views, SSSD must check every member on the returned list of group member names if the group name is overridden.
  • Without ID views, SSSD can only collect the user names from the member attribute of the group object.
This negative effect mostly becomes apparent when the SSSD cache is empty or after clearing the cache, which makes all entries invalid.

Additional Resources

ID views also have several use cases in environments involving Active Directory. For details, see the Migrate from Synchronization to Trust Manually Using ID Views chapter in the Windows Integration Guide.

18.1. Attributes an ID View Can Override

ID views consist of user and group ID overrides. The overrides define the new attribute values.
User and group ID overrides can define new values for the following attributes:
User attributes
  • Login name (uid)
  • GECOS entry (gecos)
  • UID number (uidNumber)
  • GID number (gidNumber)
  • Login shell (loginShell)
  • Home directory (homeDirectory)
  • SSH public keys (ipaSshPubkey)
  • Certificate (userCertificate)
Group attributes
  • Group name (cn)
  • Group GID number (gidNumber)