On Thu, 2012-02-09 at 23:07 +0100, Marco Pizzoli wrote: > > > On Thu, Feb 9, 2012 at 5:17 PM, Stephen Gallagher > <[email protected]> wrote: > On Wed, 2012-02-08 at 20:04 +0100, Marco Pizzoli wrote: > > Hi guys, > > I looked at the roadmap and I see the "AD integration > feature" > > section. > > Please, could you explain to me what this intended to be? > What is this > > more than the normal LDAP support? > > Also pointers to documentation already posted somewhere > would possibly > > be of help... > > > > Active Directory has several peculiarities that we need to > address > directly. The first is that it uses a non-standard LDAP > control to > handle retrieving values from an entry if there are more than > a certain > number of such values. This makes it difficult to view all of > the > members of a very large group. We need to support this "range > extension". > > The other issue is when dealing with Active Directory users > when the > administrator has not or cannot add POSIX ID values to the > users. In > this case, we need to map the Active Directory's 128-bit > universally-unique identifier (UUID) into a POSIX UID/GID. > This is > called id-mapping.
For the record, I misspoke here. I meant the objectSID, not a UUID.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
