But the whole set of the RFC2307 attributes in AD are optional, right? What I am saying is, that IF an administrator decides to make an use of those, we should honore the whole set, nut just a few of these.
Another use case: In AD you can not have a user and group with the same name (i.e. sAMAccountname). In Unix you can. If sssd honored uid by default, you could workaround this AD restriction by manually specifying uid (ADUC sets it to sAMAcountname value) Ondrej -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jakub Hrozek Sent: Friday, November 01, 2013 1:45 PM To: [email protected] Subject: Re: [SSSD-users] AD provider uses wrong user attribute? On Fri, Nov 01, 2013 at 11:21:10AM +0000, Ondrej Valousek wrote: > In ADUC, if you tick on User "Unix attributes" and populate it, uid is > automatically set on. > Not sure if Samba even populates RFC attributes - guess you need to use > ldap_id_mapping=true w/ Samba. > Ondrej But using UNIX attributes is optional with the AD provider, the AD provider must work well with defaults. I think you can override the attribute with ldap_user_name config option instead. _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
