How to unsubscribe On Tue, 19 May 2020, 18:24 Sumit Bose, <[email protected]> wrote:
> On Tue, May 12, 2020 at 06:58:13AM -0400, Lawrence Kearney wrote: > > Hello! A question, is it possible now, or would there be value in > > developing the ability, for the daemon to use the siDHistory attribute > when > > id-mapping is used for users and groups that are migrated to new domains? > > > > If I assume correctly, normally there would not be a need for this > because > > in direct integration mode id-mapping is constrained by the domain, so > the > > object SID is the object SID. However, if you are migrating users to a > new > > domain(s) (as the result of organisational changes or upgrades for > example) > > it would be very useful if a specific value in the sIDHistory attribute > > could be referenced for id-mapping so POSIX file systems or other data > > relationships tied to UID/GID enumerations if they exist were not > > negatively impacted. > > > > And again, if I understand correctly indirect integration modes do not > > solve this potential issue if the target users reside in domains trusted > by > > the IPA domain. > > Hi, > > you are right, currently the sIDHistory isn't used in direct or indirect > integration. > > I have to admit that I didn't had a close look at the details of > siDHistory. I know e.g. that the old SIDs are available in the PAC. So > in theory it might be possible to generate group memberships based on > the so that you are still a member of the old groups. But it might be > difficult with the UID because there can be only one. > > bye, > Sumit > > > > > Suggestions or feedback if I misunderstand, and if I do understand > > correctly is there a possibility of developing a solution for this use > case? > > > > Many thanks as always, > > > > > > -- lawrence > > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
