
CyberNinjas/libnss_aad

★ 12 · C · GPL-3.0 · updated Jun 2020

Name Service Switch (NSS) Module for performing user lookups against the Azure Active Directory (AAD).

A glibc NSS module that lets Linux resolve users and groups against Azure Active Directory, making AAD accounts work transparently with `getent`, `id`, and PAM. Aimed at shops running Linux servers that authenticate against a Microsoft identity backend without joining a full AD domain.

The NSS interface is the right level to solve this — hooking `passwd` and `shadow` lookups means any tool that calls `getpwnam` gets AAD users for free, no application changes needed. Ships a proper Debian package with postinst/postrm lifecycle scripts, so installation is clean rather than a pile of manual steps. Includes Docker test environments for Amazon Linux, Debian, and Ubuntu, which is more testing infrastructure than most C system libs bother with. The config format is simple JSON and the scope is deliberately narrow.

Abandoned since June 2020: Travis CI is dead, Bintray (used for package hosting) shut down in 2021, and Azure AD has since been renamed to Microsoft Entra ID with breaking OAuth changes. Storing the client secret in plaintext in `/etc/libnss-aad.conf` is a real problem: any process that can read that file gets credentials that can impersonate the service principal against your entire tenant. With only 12 stars and a minimal community, you're on your own if something breaks in glibc or the Microsoft Graph API. Group lookups appear to be static (hardcoded `users` group from config) rather than reflecting actual AAD group membership.
