I'm not sure I understand the issue, sorry -- is the issue that william has a shell assigned, but it doesn't exist on the client or that the user entry in LDAP has no shell at all? (Or a variant of the first where the shell is installed but not present in /etc/shells and therefore not reported by getusershell(3))?)

What shell does getpwnam return for william? Can you paste me the output of getent passwd william?

Ldap user william has a shell of /bin/zsh in their ldap object. But it does not exist on the target system.

william:*:1343600009:1343600009:William Brown:/home/william:/bin/zsh

In that case, isn't shell_fallback what you're looking for?

       shell_fallback (string)
           The default shell to use if an allowed shell is not installed on the machine.

           Default: /bin/sh

(Yes, the options for augmenting the shell are too many and too confusing..)

It also doesn't work then.

It says "default: /bin/sh"

Evidence is showing it's failing to apply. So this issue is still valid.

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4662

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.