
Re: Adding Ad UserAccount into local Group


Welcome back.

Note that it's always better if you tell us what you want to accomplish without any implementation details.


For example, "I'd like to add an AD user from a Centrified system to a LOCAL UNIX secondary group"

This way the answer is very evident.  (e.g. "usermod -a -G oracle jane.user")


Now to your post

"If I had to add this account to some local group I saw that I cannot use the usermod command but I have to write his account manually in the correct group in the file /etc/group."

Why can't you just use usermod; it should just work.


"The question is I have also to modify the configuration files as I read in this post Add AD User to Local Group"

Tip:  anything older than 3 years may have changed.


"So basically when do we need to set the adclient.local.group.merge to true?"

This parameter is used for a very specific use case (most likely related to the commercial version).


adclient.local.group.merge

Scenarios to be addressed:  Identity duplication, migrations, etc.

Description:  In your design, you want to control primary and secondary UNIX group memberships using AD security groups.   In your environment you have several JBOSS servers that have the secondary group jboss.  In the middle of your migration, you have not done all users (typically done in phases), therefore there will be local users and AD users in this group.     You still need to be able to add both, but want to still maintain control for AD users.  

How do you work this out?


  1. Maintain the local jboss group in your servers with the yet-to-be-migrated local users.
     The local entry has 3 users:  jboss:x:505:jane,bob,michael
  2. Create a UNIX-enabled group in AD, and name it jboss.
  3. Add your UNIX-enabled AD users to the jboss group in the corresponding zone (matching the same GID).
     The AD group entry has 3 users too:  jboss:x:505:tetsu,fel,aurora
  4. Set the adclient.local.group.merge and run adreload.
  5. Do an adquery group (or getent group).
     The group presents members from the two sources:  jboss:x:505:jane,bob,michael,tetsu,fel,aurora

Now apps looking at that group can account for local and AD identities.


I hope this helps.


You have a UNIX-enabled AD group called "jboss"
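An added example, not code from the post or from Centrify: a small Python model of the merged group view that steps 1 to 5 above describe, so the effect of combining a local /etc/group entry with a UNIX-enabled AD group of the same name can be inspected offline. The group name, GID and member names are taken from the post; the extra sample lines are constructed, and the behaviour on a GID mismatch (report it and keep the local entry rather than merge) is a design choice of this model, not a statement about how adclient itself behaves.

```python
"""Model of merging local and AD group entries by name (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class GroupEntry:
    """One group record in /etc/group layout: name, GID, member list."""
    name: str
    gid: int
    members: list = field(default_factory=list)


def parse_group_line(line: str) -> GroupEntry:
    """Parse one 'name:password:gid:member,member,...' line."""
    name, _password, gid, members = line.strip().split(":", 3)
    return GroupEntry(name, int(gid), [m for m in members.split(",") if m])


def format_group_line(entry: GroupEntry) -> str:
    """Render an entry back into /etc/group layout (password field as 'x')."""
    return f"{entry.name}:x:{entry.gid}:{','.join(entry.members)}"


def merge_group_views(local_lines, ad_lines):
    """Return (merged_entries, conflicts).

    A group present in only one source passes through unchanged.  A group
    present in both sources becomes one entry holding the union of members
    (order kept, duplicates dropped) only when both sides agree on the GID.
    A GID mismatch is reported in `conflicts` and the local entry is kept
    untouched: silently choosing one GID would change which files on the
    host the group owns, which is a decision for the administrator.
    (Assumed behaviour for this model, not a description of adclient.)
    """
    local = {g.name: g for g in map(parse_group_line, local_lines)}
    ad = {g.name: g for g in map(parse_group_line, ad_lines)}
    merged, conflicts = [], []
    for name in sorted(local.keys() | ad.keys()):
        local_entry, ad_entry = local.get(name), ad.get(name)
        if local_entry and ad_entry:
            if local_entry.gid != ad_entry.gid:
                conflicts.append((name, local_entry.gid, ad_entry.gid))
                merged.append(local_entry)
                continue
            members = list(dict.fromkeys(local_entry.members + ad_entry.members))
            merged.append(GroupEntry(name, local_entry.gid, members))
        else:
            merged.append(local_entry or ad_entry)
    return merged, conflicts


def groups_for_user(entries, user: str):
    """Names of the groups a user is a secondary member of in the merged view."""
    return [e.name for e in entries if user in e.members]


# Constructed sample input.  The jboss lines are the ones quoted in the post;
# 'oracle' and 'dba' are made up to show single-source groups passing through.
LOCAL_GROUP_LINES = [
    "jboss:x:505:jane,bob,michael",
    "oracle:x:510:",
]
AD_GROUP_LINES = [
    "jboss:x:505:tetsu,fel,aurora",
    "dba:x:600:tetsu",
]

if __name__ == "__main__":
    merged, conflicts = merge_group_views(LOCAL_GROUP_LINES, AD_GROUP_LINES)
    for entry in merged:
        print(format_group_line(entry))
    for name, local_gid, ad_gid in conflicts:
        print(f"GID conflict for {name}: local {local_gid}, AD {ad_gid}")
    print("tetsu is in:", groups_for_user(merged, "tetsu"))
```

Running it prints the merged jboss line with all six members, as in step 5 of the post. Changing the AD jboss GID to anything other than 505 exercises the conflict path: the local entry is printed unchanged and the mismatch is listed, which is the case a practitioner should check before enabling the merge on a host with existing files owned by that group.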


Viewing all articles
Browse latest Browse all 1833

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>