Understood, but it is not important. Both directories (AD & Samba) do know about the uid attribute & RFC3207 dictates its usage so:
1. If samba-tool does not populate it, then it is a bug in Samba which should be fixed
2. If sssd does not honor this attribute when running in RFC2307 compatibility mode, then it is a bug and should be fixed as well

Ondrej

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Rowland Penny
Sent: Friday, November 01, 2013 1:09 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] AD provider uses wrong user attribute?

On 01/11/13 11:21, Ondrej Valousek wrote:
> In ADUC, if you tick on User "Unix attributes" and populate it, uid is
> automatically set on.
> Not sure if Samba even populates RFC attributes - guess you need to use
> ldap_id_mapping=true w/ Samba.
> Ondrej
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> Rowland Penny
> Sent: Friday, November 01, 2013 11:13 AM
> To: End-user discussions about the System Security Services Daemon
> Subject: Re: [SSSD-users] AD provider uses wrong user attribute?
>
> On 01/11/13 10:00, Ondrej Valousek wrote:
>> Yes it is guaranteed to be there (or we can safely assume so) if we
>> use Ldap_id_mapping = False
>>
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Jakub
>> Hrozek
>> Sent: Friday, November 01, 2013 10:52 AM
>> To: [email protected]
>> Subject: Re: [SSSD-users] AD provider uses wrong user attribute?
>>
>> On Fri, Nov 01, 2013 at 09:36:05AM +0000, Ondrej Valousek wrote:
>>> Hi List,
>>>
>>> Looks like the AD provider in sssd honors sAMAccountname attribute instead
>>> of the 'uid' (which is more in line with the RFC2307).
>>> Is this intentional or a bug?
>>>
>>> Thanks,
>>> Ondrej
>> Intentional, is UID guaranteed to be there in all setups even if RFC2307
>> attributes are not present on the AD side?
>> _______________________________________________
>> sssd-users mailing list
>> [email protected]
>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> I wouldn't like to bet on 'uid' being there on Samba4 AD if the user is
> created with samba-tool, 'uid' is an optional attribute.
>
> Rowland

With samba-tool you have to add the RFC2307 attributes separately and even then it does not work just like ADUC, for instance, samba4 does not have 'msSFU30MaxUidNumber' or 'msSFU30MaxGidNumber' attributes and samba-tool adds the posixAccount & posixGroup objectClasses that ADUC doesn't.

Rowland
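
The attribute question in this thread can be checked against a directory export before deciding which attribute a client should use as the login name. The following is an added example, not part of the original messages or of SSSD or Samba: it reads a simple LDIF export and reports users whose 'uid' is missing or differs from sAMAccountName. The sample entries and the function names are constructed for illustration.

```python
# Constructed LDIF sample (not from the thread): three directory users.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
uid: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=test
objectClass: posixAccount
sAMAccountName: bob
uidNumber: 10002

dn: CN=carol,CN=Users,DC=example,DC=test
sAMAccountName: carol
uid: csmith
uidNumber: 10003
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no line folding) into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            # Attribute names are case-insensitive in LDAP, so normalise them.
            entry.setdefault(key.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def audit_login_names(entries):
    """Return {sAMAccountName: finding} for users whose 'uid' is absent or differs."""
    findings = {}
    for e in entries:
        sam = e.get("samaccountname", [None])[0]
        if sam is None:
            continue
        uids = e.get("uid", [])
        if not uids:
            findings[sam] = "uid missing"
        elif sam.lower() not in (u.lower() for u in uids):
            findings[sam] = "uid differs: " + ",".join(uids)
    return findings

if __name__ == "__main__":
    for name, finding in audit_login_names(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{name}: {finding}")
```

Accounts reported here are the ones that would resolve under a different name, or not at all, depending on whether the client reads 'uid' or sAMAccountName.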
