Enabling management of subuid in IPA and NSS for LDAP users breaks rootless podman for local users

Solution In Progress - Updated -


  • After configuring /etc/nsswitch.conf to pull subuid and subgid ranges for LDAP users from SSSD, local users can no longer use rootless podman.

  • After configuring subid: sss in /etc/nsswitch.conf, rootless podman no longer works for local users.

  • Rootless podman reports the following error:
    ERRO[0000] cannot find UID/GID for user regularuser: cannot read subids - check rootless mode in man pages.
    WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user


  • Red Hat Enterprise Linux 8.6
  • podman-4.0.2-6.module+el8.6.0+14877+f643d2d6
  • shadow-utils-4.6-16.el8
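
A diagnostic for the condition reported above, as an added example that is not part of the original article or of any Red Hat tooling: it reads the subid source from nsswitch.conf and reports whether a user is a local account while subid lookups are sent to sss. The function names, the verdict strings and the rule that "local" means "has an entry in the passwd file" are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added diagnostic, not from the original article. File paths are parameters
# so the check can be run on copies of the real files.

# First source on the "subid:" line of nsswitch.conf. Assumption: with no
# such line, /etc/subuid and /etc/subgid ("files") are consulted.
subid_source() {
    [ -r "$1" ] || { echo files; return 0; }
    awk '/^[ \t]*subid:/ { sub(/^[ \t]*subid:[ \t]*/, "")
                           print ($1 == "" ? "files" : $1); found = 1; exit }
         END { if (!found) print "files" }' "$1"
}

# has_entry USER FILE: true when a colon-separated FILE has a line for USER.
has_entry() {
    [ -r "$2" ] && awk -F: -v u="$1" '$1 == u { ok = 1 } END { exit !ok }' "$2"
}

# check_rootless_subid USER NSSWITCH PASSWD SUBUID SUBGID
#   MATCH     local user while subid lookups go to sss (the reported case)
#   NO_RANGES subid source is files but the user has no subuid/subgid entry
#   NO_MATCH  neither of the above
check_rootless_subid() {
    user=$1
    src=$(subid_source "$2")
    if has_entry "$user" "$3"; then origin=local; else origin=network; fi
    if has_entry "$user" "$4" && has_entry "$user" "$5"; then
        ranges=yes
    else
        ranges=no
    fi
    if [ "$src" = sss ] && [ "$origin" = local ]; then verdict=MATCH
    elif [ "$src" = files ] && [ "$ranges" = no ]; then verdict=NO_RANGES
    else verdict=NO_MATCH
    fi
    echo "$verdict user=$user origin=$origin subid_source=$src file_ranges=$ranges"
}

# Constructed sample files reproducing the report: local user, subid: sss.
demo=$(mktemp -d)
printf 'passwd: files sss\nsubid: sss\n' > "$demo/nsswitch.conf"
printf 'regularuser:x:1000:1000::/home/regularuser:/bin/bash\n' > "$demo/passwd"
printf 'regularuser:100000:65536\n' > "$demo/subuid"
cp "$demo/subuid" "$demo/subgid"
check_rootless_subid regularuser "$demo/nsswitch.conf" "$demo/passwd" \
    "$demo/subuid" "$demo/subgid"
rm -rf "$demo"
```

To check a live host, pass /etc/nsswitch.conf, /etc/passwd, /etc/subuid and /etc/subgid as the four file arguments.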
