On (17/10/19 11:13), Pavel Březina wrote:
>On 10/17/19 12:17 AM, Jeff Thornsen wrote:
>> The reason I ask is because I use a bunch of storage appliances that offer
>> Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU,
>> RFC2307, and RFC2307bis style Identity Mapping, all of which require manual
>> assignment of UID/GID numbers to objects in LDAP, which is untenable for
>> large environments. Microsoft even removed Unix Attribute editor from their
>> LDAP GUI for the RFC2307 attributes in Windows Server 2016 to push people
>> away from using rfc2307.
>>
>> I would like to be able to provide a link to an RFC or design document
>> describing the SSSD ID Mapping algorithm so that these 3rd party vendors can
>> incorporate an identical identity mapping algorithm into their products, so
>> that I can use their Secure-NFS product in conjunction with sssd and have
>> the uid and gid numbers match up with the other Linux hosts in our
>> environment.
>
>There is [1]. But I am not sure if it is as thorough as you need and it might
>be also a little outdated. So the best documentation would be the sources of
>sss_idmap library [2]. Also it should be possible to use this library instead
>of implementing your own algorithm.
>
+1 for usage of libsss_idmap.so

You might also want to check the man page (sss_rpcidmapd)[3] in case of NFS
(it is part of sssd-nfs-idmap on Fedora/CentOS)

[1] https://docs.pagure.org/SSSD.sssd/design_pages/idmap_auto_assign_new_slices.html
[2] https://github.com/SSSD/sssd/tree/master/src/lib/idmap
[3] https://www.mankier.com/5/sss_rpcidmapd

LS
