On Thu, Feb 09, 2017 at 07:06:44PM -0000, [email protected] wrote: > One of the more common cases for sssd (or winbind) with RFC2307 seems to be > getting uids/gids from Active Directory domains, but few Active Directories > have all of their users/groups configured for the POSIX uid/gid. > > How can you configure sssd behavior for this common case (among the three > behaviors that might be desired): > > 1) query AD for the Unix uid/gid and fail if that particular user is not > configured with a uid (this seems to be what sss always does and isn't really > practical given how unlikely that AD is configured perfectly for unix uids)
yes, this is supported, all POSIX or all ID-mapping. > 2) query AD for the Unix uid/gid and if that user is not configured with a > uid map to a default uid (uid of something like "guest" or "defaultuser" or > whatever) > 3) query AD for the Unix uid/gid and if that user is not configured with a > uid map algorithmically None of the above are supported at the moment. We have a ticket that tracks 3) here: https://fedorahosted.org/sssd/ticket/2705 but we don't plan on working on that at least in the near future. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
