[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-11 Thread patrick . hush 
Why on earth would you assign a numeric value to a uid? Just do a ldapmodify 
and replace the uid with a valid userid (eg. jsmith) and replace uidNumber with 
the previous value, then get rid of the:
ldap_user_uid_number = uid
ldap_user_gid_number = uid
stuff, you can do this in one ldif with

dn: uid=123456,ou=people,dc=example,dc=com
changetype: modify
replace uid, uidNumber
uid: jsmith
uidNumber: 123456
-
dn: uid=123458,ou=people,dc=example,dc=com
changetype: modify
replace uid, uidNumber
uid: foobar
uidNumber: 123458
-
(just keep going I'd do an export and work from that)


> On March 10, 2020 at 9:30 PM Michael Lake  wrote:
> 
> Example user:
> 
> uid: 123456
> mail: mike.l...@uts.edu.au mailto:mike.l...@uts.edu.au
> uidNumber: 200123456
> 
> 
> From: patrick.h...@comcast.net mailto:patrick.h...@comcast.net 
> 
> Sent: Wednesday, March 11, 2020 9:15 AM
> To: End-user discussions about the System Security Services Daemon
> Subject: [SSSD-users] Re: Can I map an LDAP value of 123456 to a user 
> name of u123456 ?
> 
> In LDAP what are the uidNumber and uid attributes for a sample user?
> On March 10, 2020 at 2:45 PM Michael Lake  wrote:
> 
> Hi
> 
> But I'd still have the problem that my UNIX username needs to be POSIX 
> compliant. So if my number is 123456 and my email is 
> mike.l...@uts.edu.au I dont want the actual UNIX 
> username to be an email address with an @ in it. Complicates all sorts of 
> scripts. A username of u123456 is simple.
> Hence being able to just set that using sssd would be simplest if it can 
> be done.
> Slightly more hassle is getting the LDAP changed or a writing a PAM 
> module so change the login.
> 
> Hence I'd ask if there is something simpler first.
> 
> Mike
> 
> From: Pavel Březina 
> Sent: Wednesday, March 11, 2020 2:31 AM
> To: Michael Lake; End-user discussions about the System Security Services 
> Daemon
> Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user 
> name of u123456 ?
> 
> On 3/10/20 1:53 PM, Michael Lake wrote:
> > Pavel suggested:
> > > How about using fully qualified names instead?
> >
> > I'm not very familiar with LDAP. I'm not sure what that would actually
> > look like.
> >
> > What we have now is where users login to a terminal using their number.
> > However with web based logins they do use their email address.
> >
> > I'd have to check tomorrow in the LDAP and check what a fully qualified
> > name actually is.
> 
> Fully qualified name is a name in the form of user@domain. I.e. if you
> have [domain/mydomain] in /etc/sssd/sssd.conf the fully qualified name
> will be number@mydomain.
> 
> If they are used to login with their email address, you could also
> switch name attribute to the email address attribute if it is in LDAP.
> 
> See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and
> full_name_format in `man sssd.conf`.
> 
> > Mike
> >
> > 
> > From: Pavel Březina 
> > Sent: Tuesday, March 10, 2020 11:33 PM
> > To: End-user discussions about the System Security Services Daemon;
> > Michael Lake
> > Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user
> > name of u123456 ?
> >
> > On 3/10/20 5:11 AM, Michael Lake wrote:
> > > Hi all
> > >
> > > I am currently authenticating users with Centos 6 and sssd to an LDAP
> > > server. I'll be moving to a Centos 8 so have setup sssd to 
> authenticate
> > > to the LDAP server on my test Centos 8 box. However, our users in our
> > > LDAP only contains all numeric identifiers for users. Centos 8 no 
> longer
> > > accepts all numeric user names and group names
> > >
> > > Currently my sssd.conf contains:
> > >
> > > ldap_user_uid_number = uid
> > > ldap_user_gid_number = uid
> > > override_homedir = /homes/%u
> > >
> > > Our LDAP server contains "uid" values for users like "123456"
> > >
> > > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
> > > I would like to be able to do is have the user name (and group name)
> > > created by prefixing the LDAP "uid" values with a literal "u" to make
> > > them POSIX compliant.
> > >
> > > Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
> > > with a username of "u123456".
> > > I can't see a way to do that with a simple template in the "man
> > > ssd.conf"
> >
> > How about using fully qualified names instead?
> >
> > UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any
> > accompanying attachments may contain confidential information. If you
> > are not the intended recipient,

[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-10 Thread Michael Lake 
Example user:

uid: 123456
mail: mike.l...@uts.edu.au
uidNumber: 200123456


From: patrick.h...@comcast.net 
Sent: Wednesday, March 11, 2020 9:15 AM
To: End-user discussions about the System Security Services Daemon
Subject: [SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of 
u123456 ?

In LDAP what are the uidNumber and uid attributes for a sample user?
On March 10, 2020 at 2:45 PM Michael Lake  wrote:

Hi

But I'd still have the problem that my UNIX username needs to be POSIX 
compliant. So if my number is 123456 and my email is 
mike.l...@uts.edu.au I dont want the actual UNIX 
username to be an email address with an @ in it. Complicates all sorts of 
scripts. A username of u123456 is simple.
Hence being able to just set that using sssd would be simplest if it can be 
done.
Slightly more hassle is getting the LDAP changed or a writing a PAM module so 
change the login.

Hence I'd ask if there is something simpler first.

Mike

From: Pavel Březina 
Sent: Wednesday, March 11, 2020 2:31 AM
To: Michael Lake; End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user name of 
u123456 ?

On 3/10/20 1:53 PM, Michael Lake wrote:
> Pavel suggested:
> > How about using fully qualified names instead?
>
> I'm not very familiar with LDAP. I'm not sure what that would actually
> look like.
>
> What we have now is where users login to a terminal using their number.
> However with web based logins they do use their email address.
>
> I'd have to check tomorrow in the LDAP and check what a fully qualified
> name actually is.

Fully qualified name is a name in the form of user@domain. I.e. if you
have [domain/mydomain] in /etc/sssd/sssd.conf the fully qualified name
will be number@mydomain.

If they are used to login with their email address, you could also
switch name attribute to the email address attribute if it is in LDAP.

See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and
full_name_format in `man sssd.conf`.

> Mike
>
> 
> From: Pavel Březina 
> Sent: Tuesday, March 10, 2020 11:33 PM
> To: End-user discussions about the System Security Services Daemon;
> Michael Lake
> Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user
> name of u123456 ?
>
> On 3/10/20 5:11 AM, Michael Lake wrote:
> > Hi all
> >
> > I am currently authenticating users with Centos 6 and sssd to an LDAP
> > server. I'll be moving to a Centos 8 so have setup sssd to authenticate
> > to the LDAP server on my test Centos 8 box. However, our users in our
> > LDAP only contains all numeric identifiers for users. Centos 8 no longer
> > accepts all numeric user names and group names
> >
> > Currently my sssd.conf contains:
> >
> > ldap_user_uid_number = uid
> > ldap_user_gid_number = uid
> > override_homedir = /homes/%u
> >
> > Our LDAP server contains "uid" values for users like "123456"
> >
> > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
> > I would like to be able to do is have the user name (and group name)
> > created by prefixing the LDAP "uid" values with a literal "u" to make
> > them POSIX compliant.
> >
> > Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
> > with a username of "u123456".
> > I can't see a way to do that with a simple template in the "man
> > ssd.conf"
>
> How about using fully qualified names instead?
>
> UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any
> accompanying attachments may contain confidential information. If you
> are not the intended recipient, do not read, use, disseminate,
> distribute or copy this message or attachments. If you have received
> this message in error, please notify the sender immediately and delete
> this message. Any views expressed in this message are those of the
> individual sender, except where the sender expressly, and with
> authority, states them to be the views of the University of Technology
> Sydney. Before opening any attachments, please check them for viruses
> and defects. Think. Green. Do. Please consider the environment before
> printing this email.

UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any 
accompanying attachments may contain confidential information. If you are not 
the intended recipient, do not read, use, disseminate, distribute or copy this 
message or attachments. If you have received this message in error, please 
notify the sender immediately and delete this message. Any views expressed in 
this message are those of the individual sender, except where the sender 
expressly, and with authority, states them to be the views of the University of 
Technology Sydney. Before opening any attachments, please check them for 
viruses and defects. Think. Green. Do. Please consider the environment before

[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-10 Thread patrick . hush 
In LDAP what are the uidNumber and uid attributes for a sample user?

> On March 10, 2020 at 2:45 PM Michael Lake  wrote:
> 
> Hi
> 
> But I'd still have the problem that my UNIX username needs to be POSIX 
> compliant. So if my number is 123456 and my email is mike.l...@uts.edu.au 
> mailto:mike.l...@uts.edu.au I dont want the actual UNIX username to be an 
> email address with an @ in it. Complicates all sorts of scripts. A username 
> of u123456 is simple.
> Hence being able to just set that using sssd would be simplest if it can 
> be done.
> Slightly more hassle is getting the LDAP changed or a writing a PAM 
> module so change the login.
> 
> Hence I'd ask if there is something simpler first.
> 
> Mike
> 
> From: Pavel Březina 
> Sent: Wednesday, March 11, 2020 2:31 AM
> To: Michael Lake; End-user discussions about the System Security Services 
> Daemon
> Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user 
> name of u123456 ?
> 
> On 3/10/20 1:53 PM, Michael Lake wrote:
> > Pavel suggested:
> > > How about using fully qualified names instead?
> >
> > I'm not very familiar with LDAP. I'm not sure what that would actually
> > look like.
> >
> > What we have now is where users login to a terminal using their number.
> > However with web based logins they do use their email address.
> >
> > I'd have to check tomorrow in the LDAP and check what a fully qualified
> > name actually is.
> 
> Fully qualified name is a name in the form of user@domain. I.e. if you
> have [domain/mydomain] in /etc/sssd/sssd.conf the fully qualified name
> will be number@mydomain.
> 
> If they are used to login with their email address, you could also
> switch name attribute to the email address attribute if it is in LDAP.
> 
> See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and
> full_name_format in `man sssd.conf`.
> 
> > Mike
> >
> > 
> > From: Pavel Březina 
> > Sent: Tuesday, March 10, 2020 11:33 PM
> > To: End-user discussions about the System Security Services Daemon;
> > Michael Lake
> > Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user
> > name of u123456 ?
> >
> > On 3/10/20 5:11 AM, Michael Lake wrote:
> > > Hi all
> > >
> > > I am currently authenticating users with Centos 6 and sssd to an LDAP
> > > server. I'll be moving to a Centos 8 so have setup sssd to 
> authenticate
> > > to the LDAP server on my test Centos 8 box. However, our users in our
> > > LDAP only contains all numeric identifiers for users. Centos 8 no 
> longer
> > > accepts all numeric user names and group names
> > >
> > > Currently my sssd.conf contains:
> > >
> > > ldap_user_uid_number = uid
> > > ldap_user_gid_number = uid
> > > override_homedir = /homes/%u
> > >
> > > Our LDAP server contains "uid" values for users like "123456"
> > >
> > > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
> > > I would like to be able to do is have the user name (and group name)
> > > created by prefixing the LDAP "uid" values with a literal "u" to make
> > > them POSIX compliant.
> > >
> > > Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
> > > with a username of "u123456".
> > > I can't see a way to do that with a simple template in the "man
> > > ssd.conf"
> >
> > How about using fully qualified names instead?
> >
> > UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any
> > accompanying attachments may contain confidential information. If you
> > are not the intended recipient, do not read, use, disseminate,
> > distribute or copy this message or attachments. If you have received
> > this message in error, please notify the sender immediately and delete
> > this message. Any views expressed in this message are those of the
> > individual sender, except where the sender expressly, and with
> > authority, states them to be the views of the University of Technology
> > Sydney. Before opening any attachments, please check them for viruses
> > and defects. Think. Green. Do. Please consider the environment before
> > printing this email.
> 
> UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any 
> accompanying attachments may contain confidential information. If you are not 
> the intended recipient, do not read, use, disseminate, distribute or copy 
> this message or attachments. If you have received this message in error, 
> please notify the sender immediately and delete this message. Any views 
> expressed in this message are those of the individual sender, except where 
> the sender expressly, and with authority, states

[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-10 Thread Michael Lake 
Hi

But I'd still have the problem that my UNIX username needs to be POSIX 
compliant. So if my number is 123456 and my email is mike.l...@uts.edu.au I 
dont want the actual UNIX username to be an email address with an @ in it. 
Complicates all sorts of scripts. A username of u123456 is simple.
Hence being able to just set that using sssd would be simplest if it can be 
done.
Slightly more hassle is getting the LDAP changed or a writing a PAM module  so 
change the login.

Hence I'd ask if there is something simpler first.

Mike

From: Pavel Březina 
Sent: Wednesday, March 11, 2020 2:31 AM
To: Michael Lake; End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user name of 
u123456 ?

On 3/10/20 1:53 PM, Michael Lake wrote:
> Pavel suggested:
>  > How about using fully qualified names instead?
>
> I'm not very familiar with LDAP. I'm not sure what that would actually
> look like.
>
> What we have now is where users login to a terminal using their number.
> However with web based logins they do use their email address.
>
> I'd have to check tomorrow in the LDAP and check what a fully qualified
> name actually is.

Fully qualified name is a name in the form of user@domain. I.e. if you
have [domain/mydomain] in /etc/sssd/sssd.conf the fully qualified name
will be number@mydomain.

If they are used to login with their email address, you could also
switch name attribute to the email address attribute if it is in LDAP.

See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and
full_name_format in `man sssd.conf`.

> Mike
>
> 
> From: Pavel Březina 
> Sent: Tuesday, March 10, 2020 11:33 PM
> To: End-user discussions about the System Security Services Daemon;
> Michael Lake
> Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user
> name of u123456 ?
>
> On 3/10/20 5:11 AM, Michael Lake wrote:
>  > Hi all
>  >
>  > I am currently authenticating users with Centos 6 and sssd to an LDAP
>  > server. I'll be moving to a Centos 8 so have setup sssd to authenticate
>  > to the LDAP server on my test Centos 8 box. However, our users in our
>  > LDAP only contains all numeric identifiers for users. Centos 8 no longer
>  > accepts all numeric user names and group names
>  >
>  > Currently my sssd.conf contains:
>  >
>  > ldap_user_uid_number = uid
>  > ldap_user_gid_number = uid
>  > override_homedir = /homes/%u
>  >
>  > Our LDAP server contains "uid" values for users like "123456"
>  >
>  > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
>  > I would like to be able to do is have the user name (and group name)
>  > created by prefixing the LDAP "uid" values with a literal "u" to make
>  > them POSIX compliant.
>  >
>  > Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
>  > with a username of "u123456".
>  > I can't see a way to do that with a simple template in the "man
>  > ssd.conf"
>
> How about using fully qualified names instead?
>
> UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any
> accompanying attachments may contain confidential information. If you
> are not the intended recipient, do not read, use, disseminate,
> distribute or copy this message or attachments. If you have received
> this message in error, please notify the sender immediately and delete
> this message. Any views expressed in this message are those of the
> individual sender, except where the sender expressly, and with
> authority, states them to be the views of the University of Technology
> Sydney. Before opening any attachments, please check them for viruses
> and defects. Think. Green. Do. Please consider the environment before
> printing this email.

UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any 
accompanying attachments may contain confidential information. If you are not 
the intended recipient, do not read, use, disseminate, distribute or copy this 
message or attachments. If you have received this message in error, please 
notify the sender immediately and delete this message. Any views expressed in 
this message are those of the individual sender, except where the sender 
expressly, and with authority, states them to be the views of the University of 
Technology Sydney. Before opening any attachments, please check them for 
viruses and defects. Think. Green. Do. Please consider the environment before 
printing this email.
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-10 Thread Pavel Březina 

On 3/10/20 1:53 PM, Michael Lake wrote:

Pavel suggested:
 > How about using fully qualified names instead?

I'm not very familiar with LDAP. I'm not sure what that would actually 
look like.


What we have now is where users login to a terminal using their number. 
However with web based logins they do use their email address.


I'd have to check tomorrow in the LDAP and check what a fully qualified 
name actually is.


Fully qualified name is a name in the form of user@domain. I.e. if you 
have [domain/mydomain] in /etc/sssd/sssd.conf the fully qualified name 
will be number@mydomain.


If they are used to login with their email address, you could also 
switch name attribute to the email address attribute if it is in LDAP.


See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and 
full_name_format in `man sssd.conf`.



Mike


From: Pavel Březina 
Sent: Tuesday, March 10, 2020 11:33 PM
To: End-user discussions about the System Security Services Daemon; 
Michael Lake
Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user 
name of u123456 ?


On 3/10/20 5:11 AM, Michael Lake wrote:
 > Hi all
 >
 > I am currently authenticating users with Centos 6 and sssd to an LDAP
 > server. I'll be moving to a Centos 8 so have setup sssd to authenticate
 > to the LDAP server on my test Centos 8 box. However, our users in our
 > LDAP only contains all numeric identifiers for users. Centos 8 no longer
 > accepts all numeric user names and group names
 >
 > Currently my sssd.conf contains:
 >
 > ldap_user_uid_number = uid
 > ldap_user_gid_number = uid
 > override_homedir = /homes/%u
 >
 > Our LDAP server contains "uid" values for users like "123456"
 >
 > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
 > I would like to be able to do is have the user name (and group name)
 > created by prefixing the LDAP "uid" values with a literal "u" to make
 > them POSIX compliant.
 >
 > Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
 > with a username of "u123456".
 > I can't see a way to do that with a simple template in the "man
 > ssd.conf"

How about using fully qualified names instead?

UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any 
accompanying attachments may contain confidential information. If you 
are not the intended recipient, do not read, use, disseminate, 
distribute or copy this message or attachments. If you have received 
this message in error, please notify the sender immediately and delete 
this message. Any views expressed in this message are those of the 
individual sender, except where the sender expressly, and with 
authority, states them to be the views of the University of Technology 
Sydney. Before opening any attachments, please check them for viruses 
and defects. Think. Green. Do. Please consider the environment before 
printing this email.

___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-10 Thread Michael Lake 
Pavel suggested:
> How about using fully qualified names instead?

I'm not very familiar with LDAP.  I'm not sure what that would actually look 
like.

What we have now is where users login to a terminal using their number. However 
with web based logins they do use their email address.

I'd have to check tomorrow in the LDAP and check what a fully qualified name 
actually is.

Mike


From: Pavel Březina 
Sent: Tuesday, March 10, 2020 11:33 PM
To: End-user discussions about the System Security Services Daemon; Michael Lake
Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user name of 
u123456 ?

On 3/10/20 5:11 AM, Michael Lake wrote:
> Hi all
>
> I am currently authenticating users with Centos 6 and sssd to an LDAP
> server. I'll be moving to a Centos 8 so have setup sssd to authenticate
> to the LDAP server on my test Centos 8 box. However, our users in our
> LDAP only contains all numeric identifiers for users. Centos 8 no longer
> accepts all numeric user names and group names
>
> Currently my sssd.conf contains:
>
> ldap_user_uid_number = uid
> ldap_user_gid_number = uid
> override_homedir = /homes/%u
>
> Our LDAP server contains "uid" values for users like "123456"
>
> I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
> I would like to be able to do is have the user name (and group name)
> created by prefixing the LDAP "uid" values with a literal "u" to make
> them POSIX compliant.
>
> Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
> with a username of "u123456".
> I can't see a way to do that with a simple template in the "man
> ssd.conf"

How about using fully qualified names instead?

UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any 
accompanying attachments may contain confidential information. If you are not 
the intended recipient, do not read, use, disseminate, distribute or copy this 
message or attachments. If you have received this message in error, please 
notify the sender immediately and delete this message. Any views expressed in 
this message are those of the individual sender, except where the sender 
expressly, and with authority, states them to be the views of the University of 
Technology Sydney. Before opening any attachments, please check them for 
viruses and defects. Think. Green. Do. Please consider the environment before 
printing this email.
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org

[SSSD-users] Re: Can I map an LDAP value of 123456 to a user name of u123456 ?

2020-03-10 Thread Pavel Březina 

On 3/10/20 5:11 AM, Michael Lake wrote:

Hi all

I am currently authenticating users with Centos 6 and sssd to an LDAP
server. I'll be moving to a Centos 8 so have setup sssd to authenticate
to the LDAP server on my test Centos 8 box. However, our users in our
LDAP only contains all numeric identifiers for users. Centos 8 no longer 
accepts all numeric user names and group names


Currently my sssd.conf contains:

ldap_user_uid_number = uid
ldap_user_gid_number = uid
override_homedir = /homes/%u

Our LDAP server contains "uid" values for users like "123456"

I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
I would like to be able to do is have the user name (and group name)
created by prefixing the LDAP "uid" values with a literal "u" to make
them POSIX compliant.

Hence a user 123456 with "uid" of 123456 in LDAP can login and end up
with a username of "u123456".
I can't see a way to do that with a simple template in the "man
ssd.conf"


How about using fully qualified names instead?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org