In the message dated: Thu, 24 May 2018 17:07:02 -0000, The pithy ruminations from Christof Schmitt on [Re: [gpfsug-discuss] Question concerning integration of CES with AD authentication system] were: =>
Following up on an old, old post... => > Basically Samba ignores the separate GID field in RFC2307bis, so one => > imagines the options for changing the LDAP attributes are none => > existent. => => mmuserauth now has an option to use either the gid from the actual primary => group or the gid defined for the user. See: => => https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.0/ => com.ibm.spectrum.scale.v5r00.doc/bl1adm_mmuserauth.htm => => --unixmap-domains unixDomainMap => [...] => win: Specifies the system to read the primary group set as Windows => primary group of a user on the Active Directory. => unix: Specifies the system to read the primary group as set in "UNIX => attributes" of a user on the Active Directory. => For example, => --unixmap-domains "MYDOMAIN1(20000-50000:unix);MYDOMAIN2 => (100000-200000:win)" I see this is refering to UNIX attributes within AD, but I'm curious about mapping to attributes in LDAP. => This gets mapped to 'idmap config ... : unix_primary_group' in the => internal config. Does that correspond to setting the smb.conf parameter unix_primary_group = yes Specifically, under Spectrum Scale 5.0.2, if I run: mmuserauth service create --data-access-method file --ldapmap-domains "DOMAIN(type=stand-alone:ldap_srv=ldapserver:range=1001-65535:usr_dn=ou=People,dc=DC,dc=TLD:grp_dn=ou=Group,dc=DC,dc=TLD)" --type ad (some args removed in this example), will that map the user's primary group to the primaryGroupID supplied by AD or the primaryGroupID LDAP field or the gidNumber LDAP field or something else? Thanks, Mark => => Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ => christof.schm...@us.ibm.com || +1-520-799-2469 (T/L: 321-2469) => _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
