Apache httpd installation fails due to SSSD resolving a centralized Apache identity

Hi,

The Apache HTTP Server installation fails during the creation of the local apache service account, for example:

groupadd: GID '48' already exists
useradd: group 'apache' does not exist

warning: group apache does not exist - using root
warning: user apache does not exist - using root
warning: group apache does not exist - using root

Any tip highly appreciated.

Richard.

Hello,

Do not attempt to resolve this by removing the centrally managed apache identity from IdM or another directory server just to enable local package installation. This action could trigger widespread issues across other systems that also connect to the domain directory.

Service accounts like apache should always remain local to each individual host. To prevent conflicts when apache already exists in a directory, SSSD can be configured to skip centralized lookups for that specific name using the NSS responder.

  • Edit /etc/sssd/sssd.conf:
# vi /etc/sssd/sssd.conf
  • In the [nss] section, add apache to both the filter_users and filter_groups settings:
[nss]
filter_users = root, apache
filter_groups = root, apache
  • Restart SSSD:
# systemctl restart sssd
  • Do the httpd installation:
# dnf install httpd

Or, for older versions of RHEL:

# yum install httpd

This can happen on systems that use SSSD for NSS identity lookups and can already resolve an apache user or group from a centralized identity source such as IdM, LDAP, or Active Directory.

SSSD uses NSS for user and group resolution. When a centralized identity source exposes a user or group named apache, local software installation can collide with that name during account creation. SSSD provides filter_users and filter_groups specifically to suppress selected identities from NSS results, which is a safer approach than modifying the centralized directory for all consumers.

Computeman :smiley:
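A way to confirm the filter from the reply above is actually in place before running the package install, as an added example that is not part of the original thread. The function names are hypothetical, and the parser assumes a plain INI-style file with `#` comments; `sss_hidden` relies on glibc's `getent -s` option and only makes sense on a live host after SSSD has been restarted.

```sh
# Added example: audit the [nss] filters in an sssd.conf-style file.
# Function names are illustrative; pass the real config path yourself.

# Print the raw value of option KEY from the [nss] section of FILE.
nss_option() {
    awk -v key="$2" '
        /^[[:space:]]*\[/ { in_nss = ($0 ~ /^[[:space:]]*\[nss\][[:space:]]*$/); next }
        !in_nss || /^[[:space:]]*#/ || !index($0, "=") { next }
        {
            k = $0; sub(/=.*/, "", k); gsub(/[[:space:]]/, "", k)
            if (k == key) { sub(/^[^=]*=/, ""); print; exit }
        }' "$1"
}

# Return 0 if NAME is an exact entry in the comma-separated [nss] option KEY.
# Exact matching matters: "apache2" must not count as "apache".
nss_filters_name() {
    nss_option "$1" "$2" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq -- "$3"
}

# Report which of filter_users / filter_groups lack NAME; return 1 if any do.
# A user-only filter still leaves the group resolvable from the directory,
# which is enough to reproduce the groupadd GID collision.
check_filters() {
    conf=$1 name=$2 missing=""
    for key in filter_users filter_groups; do
        nss_filters_name "$conf" "$key" "$name" || missing="$missing $key"
    done
    if [ -n "$missing" ]; then
        echo "$name not filtered in:$missing"
        return 1
    fi
    echo "$name filtered in filter_users and filter_groups"
}

# Live host only: succeed when NAME no longer resolves through the sss
# NSS service as either a user or a group.
sss_hidden() {
    ! getent -s sss passwd "$1" >/dev/null && ! getent -s sss group "$1" >/dev/null
}
```

Run `check_filters /etc/sssd/sssd.conf apache` after editing the file, then `sss_hidden apache` after the SSSD restart; both should succeed before `dnf install httpd` is attempted.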