When a user has a loginShell value of /bin/false in Active Directory, and a user-override entry exists to set that value to something else, the override is not being applied.
For example:
# vastool -u host/ attrs -u user1 userprincipalname loginshell
userPrincipalName: user1@example.com loginShell: /bin/false
# grep -i user1@example.com /etc/opt/quest/vas/user-override
user1@example.com::::::/bin/ksh
# getent passwd user1
user1:VAS:12345:1001:user1:/home/user1:/bin/false
The output still shows the /bin/false shell.
Resolution:
None.
This is expected behaviour which prevents a disabled login shell from being changed by the user override settings.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center