> My understanding, after talking to expert people here, is that I should use the RFC2307 model for ID mapping (described here: https://goo.gl/XvqHDH). The problem is that our ID schema is slightly different from the one described in RFC2307. In the RFC the relevant user identification fields are named "uidNumber" and "gidNumber". But in our AD database schema we have:
>
> # egrep 'uid_number|gid_number' /etc/sssd/sssd.conf
> ldap_user_uid_number = msSFU30UidNumber
> ldap_user_gid_number = msSFU30GidNumber
> ldap_group_gid_number = msSFU30GidNumber
>
> My question is: is it possible to configure CES to look for the custom field labels (the ones listed above) instead of the default ones officially described in rfc2307?
 
mmuserauth only supports the rfc2307 attributes for Active Directory. That is the tested and supported configuration. The attribute names from the sssd configuration look like the "old" SFU attributes are used. You could try going through "mmuserauth service create --type ad ..." and then switching the internal configuration to use the SFU attributes:
/usr/lpp/mmfs/bin/net conf setparm global 'idmap config DOMAINNAME : schema_mode' sfu
 
Then restart gpfs-winbind on all protocol nodes or use "mmces service" to stop and start SMB on all protocol nodes.
 
Note that we have not tested this configuration, so if that should be supported in a possible future release, please open an RFE.
 
Regards,

Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
[email protected]  ||  +1-520-799-2469    (T/L: 321-2469)
 
 
----- Original message -----
From: "Dorigo Alvise (PSI)" <[email protected]>
Sent by: [email protected]
To: "[email protected]" <[email protected]>
Cc:
Subject: [gpfsug-discuss] Question concerning integration of CES with AD authentication system
Date: Thu, May 24, 2018 1:45 AM
 
Dear members,
at PSI I'm trying to integrate the CES service with our AD authentication system.

My understanding, after talking to expert people here, is that I should use the RFC2307 model for ID mapping (described here: https://goo.gl/XvqHDH). The problem is that our ID schema is slightly different from the one described in RFC2307. In the RFC the relevant user identification fields are named "uidNumber" and "gidNumber". But in our AD database schema we have:

# egrep 'uid_number|gid_number' /etc/sssd/sssd.conf
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_group_gid_number = msSFU30GidNumber

My question is: is it possible to configure CES to look for the custom field labels (the ones listed above) instead of the default ones officially described in rfc2307?

many thanks.
Regards,

   Alvise Dorigo
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
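
A pre-check for the schema_mode switch described in the reply, as an added example that is not part of the thread or of IBM's tooling: it reads the three sssd.conf ID-mapping keys and prints the setparm line only when all of them point at the same attribute family. The function names, the sample file, the mapping of msSFU30* names to "sfu", and the treatment of absent keys as sssd's uidNumber/gidNumber defaults are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pick the idmap schema_mode that matches
# the ID attributes an existing sssd.conf already reads from AD.

# Map one LDAP attribute name (case-insensitive) to a schema family.
classify_attr() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        uidnumber|gidnumber)               echo rfc2307 ;;
        mssfu30uidnumber|mssfu30gidnumber) echo sfu ;;
        *)                                 echo unknown ;;
    esac
}

# Print rfc2307 or sfu if all three sssd keys agree; otherwise fail.
# Assumption: a key missing from the file means sssd's default (uidNumber/gidNumber).
schema_mode_from_sssd() {
    result=""
    for key in ldap_user_uid_number ldap_user_gid_number ldap_group_gid_number; do
        # Last assignment of the key wins; commented-out lines do not match.
        attr=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
        mode=$(classify_attr "${attr:-uidNumber}")
        if [ "$mode" = unknown ]; then
            echo "unrecognised attribute for $key: $attr" >&2; return 2
        fi
        if [ -n "$result" ] && [ "$result" != "$mode" ]; then
            echo "mixed rfc2307/sfu attributes; no single schema_mode fits" >&2; return 1
        fi
        result=$mode
    done
    echo "$result"
}

# Build the setparm line quoted in the reply; DOMAINNAME stays a placeholder.
setparm_command() {
    printf "/usr/lpp/mmfs/bin/net conf setparm global 'idmap config %s : schema_mode' %s\n" "$1" "$2"
}

# Constructed sample input mirroring the egrep output in the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/example]
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_group_gid_number = msSFU30GidNumber
EOF
mode=$(schema_mode_from_sssd "$sample") && setparm_command DOMAINNAME "$mode"
rm -f "$sample"
```

A non-zero exit means the user and group keys disagree or name an attribute outside both families, in which case neither schema_mode value would resolve every ID.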
 
