On Tue, 02 Dec 2014, Nicolas Zin wrote:
Hi,
the question of the day I should say. In a Redhat7/FreeIPA 3.3
environment. In an AD trust relationship, when I connect with an AD
user to a IDM client, I append to login with a generated uid.
Is there a way to provide a custom algorithm to map the uid from Active
Directory info. In our AD, users have a specific login name: composed
of one character and a uniq number. We wonder if we can translate this
uniq number into a uid. I know : another solution the prefered way
would be to use SFU (Service For Unix), but I wanted to ask before. I
guess I know the answer :-)
In FreeIPA 4.1 we introduced support for ID overrides for users coming
from Active Directory. This will hopefully be available in RHEL7.1.
With ID overrides (ID views) you can assign specific POSIX attributes
per each AD user, including but not limited to their UIDs and GIDs (and
user names, if needed).
http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust
You'd need an SSSD that understands ID views too, coming along with
updated IPA.
PS: another question: is there a good tutorial to use freeIPA xml-rpc
api (in python). I saw some code but not so much examples
(https://github.com/encukou/freeipa/blob/master/doc/examples/python-api.py).
There are not so many examples yet. Best way to learn is to read the
code of ipalib/*/* components. ;)
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
