List: sssd-users
Subject: [SSSD-users] Re: RFC2307bis and partially configured Active Directory Domains
From: John Beranek <john () redux ! org ! uk>
Date: 2017-02-19 13:38:35
Message-ID: CAHfGhcKWxgE9oYrNmbw7nyA1j4sAQfPJ9yF+LuYVYLKsqhD=Cw () mail ! gmail ! com
On 9 February 2017 at 19:06, <smfrench@gmail.com> wrote:
> One of the more common cases for sssd (or winbind) with RFC2307 seems to be getting
> uids/gids from Active Directory domains, but few Active Directories have all of
> their users/groups configured for the POSIX uid/gid.
> How can you configure sssd behavior for this common case (among the three behaviors
> that might be desired):
> 1) query AD for the Unix uid/gid and fail if that particular user is not configured
> with a uid (this seems to be what sss always does and isn't really practical given
> how unlikely that AD is configured perfectly for unix uids)
FWIW, my company found 1) pretty practical, as I wrote a pretty short
bit of PowerShell which looks through AD for users and groups without
POSIX attributes, and sets them (UID/GID becomes the user's RID + a
static offset). This script runs every hour, and means all AD users
and groups have POSIX attributes.
Cheers,
John
--
John Beranek To generalise is to be an idiot.
http://redux.org.uk/ -- William Blake
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
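
An added sketch of the approach described in the message above (fill in missing POSIX attributes as RID + static offset). This is not John's script and not part of SSSD; the offset value and the function name `Get-PosixIdFromSid` are assumptions, and it relies on the standard ActiveDirectory module cmdlets.

```powershell
# Added example: assign uidNumber/gidNumber = RID + static offset to AD
# objects that lack them. Runs in dry-run mode because of -WhatIf.
Import-Module ActiveDirectory

$Offset = 100000   # assumed value; pick one clear of local /etc/passwd and /etc/group IDs

function Get-PosixIdFromSid {
    param(
        [Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$Sid,
        [Parameter(Mandatory)][int]$Offset
    )
    # The RID is the last sub-authority of the SID. It is unique only within
    # one domain, so a multi-domain forest needs a distinct offset per domain.
    $rid = [int64]($Sid.Value.Split('-')[-1])
    $id  = $rid + $Offset
    if ($id -gt [int]::MaxValue) {
        throw "Computed ID $id for $($Sid.Value) does not fit a signed 32-bit integer"
    }
    return [int]$id
}

# Groups first, so every user's primary group already has a gidNumber.
Get-ADGroup -LDAPFilter '(!(gidNumber=*))' | ForEach-Object {
    $gid = Get-PosixIdFromSid -Sid $_.SID -Offset $Offset
    Set-ADGroup -Identity $_ -Replace @{ gidNumber = $gid } -WhatIf
}

Get-ADUser -LDAPFilter '(!(uidNumber=*))' -Properties primaryGroupID | ForEach-Object {
    $uid = Get-PosixIdFromSid -Sid $_.SID -Offset $Offset
    # primaryGroupID holds the RID of the user's primary group, so the same
    # offset yields the gidNumber given to that group above.
    $gid = [int]($_.primaryGroupID + $Offset)
    Set-ADUser -Identity $_ -Replace @{ uidNumber = $uid; gidNumber = $gid } -WhatIf
}
```

Remove `-WhatIf` once the proposed changes look right; running it from a scheduled task under an account delegated write access to only these attributes keeps the privilege footprint small.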