Users of DICE machines may have noticed that system utilities such as
getent and finger are no longer returning a full list of Informatics users.

We use sssd (System Security Service Daemon) on DICE to cache LDAP
data, such as user and group information. For finger to work with
anything other than usernames, it requires the sssd “enumerate”
option. This enumerates, and caches, the entire LDAP user and group
directory locally. The man page (sssd.conf(5)) recommends against
doing this, “especially in large environments” (although it doesn’t
specify what “large” is). This has always worked for us, and so we
have enabled this option previously.

The version of sssd on Scientific Linux 7.3 has unfortunately proved
unreliable with enumerate enabled, to the extent of rendering a
machine unusable. Subsequent releases and proposed bug-fixes have not
effectively resolved the problem and so we have had to disable
enumerate across DICE machines.

We have produced some local utilities to help replace the lost
functionality caused by the system changes described above.

finger-dice is a wrapper utility around the system finger command and
can be used to find out details about users given only part of their
name (e.g. surname).

getent-dice database (where database is one of passwd, group,
netgroup) will produce a full list, although note that it does not
return information on system users or groups.

dice-user-info is a general utility for finding out contact
information for people in Informatics. It takes a single argument and
matches against name, location and telephone number.

All of these utilities have man pages.

Looking up DICE user/group information / Computing Systems by is licensed under a