I'm trying to use Chef to add/modify a few local user accounts. For whatever reason there are duplicate accounts in LDAP. Since the system uses sssd/pam/ldap, it sees the user as existing, but is unable to modify them because they are not in /etc/passwd.
Is there a way to completely bypass the LDAP accounts so that they do not id? Then Chef will create them properly.
Best Answer
There is an option in the LDAP configuration to ignore LDAP lookups for certain user ids. In
/etc/ldap.conf
There is also this configuration value in the sssd config file
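A check for the condition described in the question, as an added example that is not part of the original question or answer: it reports which account names resolve only through the directory and which exist both locally and in the directory with different UIDs. The function name `nss_only_users`, the sample accounts and the assumption that the directory entries were dumped with `getent -s sss passwd NAME...` are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# nss_only_users PASSWD_FILE DIRECTORY_DUMP USER...
#   PASSWD_FILE     local account database, normally /etc/passwd
#   DIRECTORY_DUMP  passwd-format lines from the directory only, e.g. the
#                   output of: getent -s sss passwd alice bob  (assumed setup)
nss_only_users() {
    passwd_file=$1
    dir_dump=$2
    shift 2
    for user in "$@"; do
        # UID of the first matching entry in each source, empty if absent.
        local_uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$passwd_file")
        dir_uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$dir_dump")
        if [ -n "$dir_uid" ] && [ -z "$local_uid" ]; then
            # Visible to "id", but local account tools cannot modify it.
            echo "$user directory-only uid=$dir_uid"
        elif [ -n "$dir_uid" ] && [ -n "$local_uid" ] && [ "$dir_uid" != "$local_uid" ]; then
            # Same name in both sources with different UIDs: file ownership
            # depends on which source answers the lookup.
            echo "$user uid-mismatch local=$local_uid nss=$dir_uid"
        fi
    done
}

# Constructed sample data so the example runs offline.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
EOF
cat > "$demo/directory" <<'EOF'
deploy:*:5001:5001::/home/deploy:/bin/bash
svcapp:*:5002:5002::/home/svcapp:/bin/bash
EOF
nss_only_users "$demo/passwd" "$demo/directory" root deploy svcapp
rm -rf "$demo"
```

Run it before the Chef converge with the list of accounts the recipe manages; any name it prints is one the directory would shadow or duplicate.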