How to add local accounts to a server when same user exist in ldap
Environment
Red Hat Enterprise Linux 4/5/6/7/8/9
Issue
Servers that use LDAP for user authentication need a limited number of local accounts added to the system. However, running useradd for such an account fails because an LDAP entry with the same name already exists:
[fx18:root]:/root > adduser -u 1445 -g 2936 -c"Test User" -d /home/foo -s /bin/sh -m foo
adduser: user foo exists
Resolution
Having the same account in multiple back-ends (files and LDAP) is bad practice and highly discouraged. If a user account that exists in LDAP or another backend needs to be added locally, disable LDAP temporarily and add the user.
Edit the /etc/nsswitch.conf file, remove the reference to the other backend (ldap, nis, etc.) from the passwd, group and shadow entries, add the user, and then put the entries back so LDAP lookups resume.
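A worked version of that procedure, added here as an example and not part of the Red Hat solution: it backs up /etc/nsswitch.conf, drops the remote backends from the passwd, group and shadow lines, runs useradd, and restores the original file on every exit path so LDAP lookups are never left disabled after a failed useradd. The backend names it removes (ldap, nis, nisplus, sss, winbind) are an assumption; sss is what RHEL 7 and later use with sssd. The demo at the bottom runs on a constructed sample file so it works unprivileged; the real run needs root.

```shell
#!/bin/sh
# Added example, not part of the Red Hat solution. Assumes POSIX sh with awk
# and mktemp, glibc getent (for getent -s), and root for the useradd step.
# Backends dropped (assumed list): ldap, nis, nisplus, sss (sssd on RHEL 7+), winbind.

NSSWITCH=${NSSWITCH:-/etc/nsswitch.conf}

# strip_remote_backends FILE: rewrite the passwd:, group: and shadow: lines of
# FILE so only local sources (files, compat, systemd, ...) remain. An action such
# as [NOTFOUND=return] that directly follows a removed service is dropped with
# it; every other line is copied unchanged.
strip_remote_backends() {
    tmp=$(mktemp) || return 1
    awk '
        BEGIN { remote["ldap"] = 1; remote["nis"] = 1; remote["nisplus"] = 1
                remote["sss"] = 1; remote["winbind"] = 1 }
        $1 ~ /^(passwd|group|shadow):$/ {
            out = $1; dropped = 0
            for (i = 2; i <= NF; i++) {
                if ($i in remote)          { dropped = 1; continue }
                if (dropped && $i ~ /^\[/) { continue }
                dropped = 0
                out = out " " $i
            }
            print out; next
        }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the inode and mode of FILE
    rc=$?
    rm -f "$tmp"
    return $rc
}

# backends_for DB FILE: print the sources configured for DB (passwd, group, ...).
backends_for() {
    awk -v db="$1:" '$1 == db { for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n") }' "$2"
}

# where_is_user USER: "files", "remote" or "none". getent -s restricts the
# lookup to one NSS service, so this shows whether the conflicting entry lives
# in /etc/passwd or only in the directory.
where_is_user() {
    if getent -s files passwd "$1" >/dev/null 2>&1; then
        echo files
    elif getent passwd "$1" >/dev/null 2>&1; then
        echo remote
    else
        echo none
    fi
}

# add_local_user USERADD-ARGS...: back up nsswitch.conf, drop the remote
# backends, run useradd, and restore the original file however we leave.
add_local_user() {
    (
        backup=$(mktemp) || exit 1
        cp -p "$NSSWITCH" "$backup" || exit 1
        # The subshell EXIT trap restores the file on success, failure or signal.
        trap 'cp -p "$backup" "$NSSWITCH"; rm -f "$backup"' EXIT
        strip_remote_backends "$NSSWITCH" || exit 1
        useradd "$@"
    )
}

# Demo on a constructed sample in the style of a RHEL 8 nsswitch.conf (sample
# content, not a real system file) so the script runs unprivileged. A real run
# keeps NSSWITCH at /etc/nsswitch.conf and, as root, invokes for example:
#   add_local_user -u 1445 -g 2936 -c "Test User" -d /home/foo -s /bin/sh -m foo
demo_strip() {
    sample=$(mktemp) || return 1
    printf '%s\n' \
        'passwd:     sss files systemd' \
        'shadow:     files sss' \
        'group:      files [SUCCESS=merge] sss ldap' \
        'hosts:      files dns myhostname' > "$sample"
    strip_remote_backends "$sample"
    backends_for passwd "$sample"   # files systemd
    backends_for group  "$sample"   # files [SUCCESS=merge]
    backends_for hosts  "$sample"   # files dns myhostname (not a user database, untouched)
    rm -f "$sample"
}

demo_strip
```

After the real run, where_is_user foo should report files, confirming the local entry now shadows the directory entry for that name. If nscd is running, invalidate its caches afterwards (nscd -i passwd; nscd -i group) so stale negative lookups for the new user do not linger.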
Root Cause
The useradd/adduser commands search all configured backends and add a new user only if no entry for that user exists in any of them.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.