I've got sssd configured to talk to an LDAP server and to filter out a bunch of users in case they exist on the LDAP server.
Code:
[nss]
filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,uucp,operator,games,gopher,ftp,nobody,dbus,vcsa,abrt,haldaemon,ntp,saslauth,postfix,sshd,tcpdump,teamunix,admin,nagios,nrpe,radiusd,rpc,rpcuser,nfsnobody,apache,mysql,tomcat,tomcat7,http
Code:
[root@neil ~]# getent passwd mysql
[root@neil ~]# useradd arhgerh
[root@neil ~]# getent passwd mysql
mysql:*:13575:1000:mysql:/home/mysql:/bin/bash
[root@neil ~]# systemctl restart sssd
[root@neil ~]# getent passwd mysql
[root@neil ~]# useradd -r arhgerherg
[root@neil ~]# getent passwd mysql
mysql:*:13575:1000:mysql:/home/mysql:/bin/bash
[root@neil ~]# systemctl restart sssd
[root@neil ~]# getent passwd mysql
[root@neil ~]#
This is with sssd-2.2.3-20.el8.x86_64. The mysql on the LDAP server has been there for over a decade but I only realised it was there when I made an Ansible playbook for CentOS 8 that creates a local user and then subsequently installs MariaDB. The creation of the local user causes the server to start resolving the mysql LDAP user, so no local mysql user gets created by the %pre script in the mariadb-server package, then MariaDB stops working once sssd gets restarted for whatever reason.
I've got CentOS 6 and 7 servers using the LDAP server and can't recreate the problem with them.
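A check for the symptom described in this post, added here as an example and not part of the original post: it reads `filter_users` from the `[nss]` section of an sssd.conf and prints the passwd entry of every filtered name that the `sss` NSS module still resolves. The function names are hypothetical, and the default lookup assumes `getent -s sss passwd` is the right way to query SSSD alone on the host.

```shell
#!/bin/sh
# Added example (not from the original post): find names listed in
# filter_users that SSSD is resolving anyway.

# Print the filter_users names from the [nss] section of CONF, one per line.
filtered_users() {
    awk '
        /^[ \t]*\[/ { in_nss = ($0 ~ /^[ \t]*\[nss\][ \t]*$/); next }
        in_nss && /^[ \t]*filter_users[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, names, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", names[i])
                if (names[i] != "") print names[i]
            }
        }
    ' "$1"
}

# Default lookup: query only the sss NSS module, so /etc/passwd is not consulted.
sss_lookup() {
    getent -s sss passwd "$1"
}

# leaked_users CONF [LOOKUP_CMD]
# Prints the passwd entry of each filtered name that LOOKUP_CMD resolves.
# Returns 1 if at least one filtered name resolved, 0 otherwise.
leaked_users() {
    conf=$1
    lookup=${2:-sss_lookup}
    rc=0
    for name in $(filtered_users "$conf"); do
        if entry=$("$lookup" "$name" 2>/dev/null) && [ -n "$entry" ]; then
            printf '%s\n' "$entry"
            rc=1
        fi
    done
    return "$rc"
}

# Typical use, e.g. as a guard before a package install that expects to
# create its own local service account:
#   leaked_users /etc/sssd/sssd.conf || echo "filter_users not honoured" >&2
```

Running it before and after a local `useradd` shows whether the filter has stopped applying without waiting for a package `%pre` script to trip over it.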