Re: [SSSD-users] AD provider uses wrong user attribute?

Fri, 01 Nov 2013 05:09:56 -0700 

On 01/11/13 11:21, Ondrej Valousek wrote:

In ADUC, if you tick on User "Unix attributes" and populate it, uid is 
automatically set on.
Not sure if Samba even populates RFC attributes - guess you need to use 
ldap_id_mapping=true w/ Samba.
Ondrej

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Rowland Penny
Sent: Friday, November 01, 2013 11:13 AM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] AD provider uses wrong user attribute?

On 01/11/13 10:00, Ondrej Valousek wrote:

Yes it is guaranteed to be there (or we can safely assume so) if we
use Ldap_id_mapping  = False


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jakub
Hrozek
Sent: Friday, November 01, 2013 10:52 AM
To: [email protected]
Subject: Re: [SSSD-users] AD provider uses wrong user attribute?

On Fri, Nov 01, 2013 at 09:36:05AM +0000, Ondrej Valousek wrote:

Hi List,

Looks like the AD provider in sssd honors sAMAccountname attribute instead of 
the 'uid' (which is more in line with the RFC2307).
Is this intentional or a bug?

Thanks,
Ondrej

Intentional, is UID guaranteed to be there in all setups even if RFC2307 
attributes are not present on the AD side?
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

I wouldn't like to bet on 'uid' being there on Samba4 AD if the user is created 
with samba-tool, 'uid' is an optional attribute.

Rowland

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
With samba-tool you have to add the RFC2307 attributes separately and even then it does not work just like ADUC, for instance, samba4 does not have ' msSFU30MaxUidNumber' or 'msSFU30MaxGidNumber' attributes and samba-tool adds the posixAccount & posixGroup objectClasses that ADUC doesn't. 

Rowland

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

Reply via email to