On 24.8.2016 09:03, Joakim Tjernlund wrote: > Getting to the of our AD domain migration but there is one step I haven't > solved. > Our users has UID/GID in the new domain while the already present users in > the new domain > does not. Assigning UID/GID to all users does not sit well with upstream IT > so I am > looking at what to do with these when they visit/access our site. > > What comes to mind is partial id_mapping, if a user had UID/GID in the AD use > that, otherwise > do id_mapping for that user(preferably the same way samba does it since we > already have a samba > based interim solution). > > I haven't found a way to do that in sssd, is there? > Maybe I am just full of it and this is really a bad idea?
Are you using FreeIPA? FreeIPA got support for "ID Views" which can be used for this purpose. (I'm not very sure about pure-SSSD case.) -- Petr Spacek @ Red Hat _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
