On Wed, Aug 24, 2016 at 07:39:54AM +0000, Joakim Tjernlund wrote:
> On Wed, 2016-08-24 at 09:14 +0200, Petr Spacek wrote:
> > On 24.8.2016 09:03, Joakim Tjernlund wrote:
> > >
> > > Getting to the of our AD domain migration but there is one step I haven't
> > > solved.
> > > Our users has UID/GID in the new domain while the already present users
> > > in the new domain
> > > does not. Assigning UID/GID to all users does not sit well with upstream
> > > IT so I am
> > > looking at what to do with these when they visit/access our site.
> > >
> > > What comes to mind is partial id_mapping, if a user had UID/GID in the AD
> > > use that, otherwise
> > > do id_mapping for that user (preferably the same way samba does it since
> > > we already have a samba
> > > based interim solution).
> > >
> > > I haven't found a way to do that in sssd, is there?
> > > Maybe I am just full of it and this is really a bad idea?
> >
> > Are you using FreeIPA? FreeIPA got support for "ID Views" which can be used
> > for this purpose. (I'm not very sure about pure-SSSD case.)
>
> I wish, but this is a Windows AD :(

Petr had IPA-AD trusts in mind, I guess. Partial ID mapping is not possible, sorry.
