lslebodn commented on a pull request
"""
On (09/09/16 08:39), tequeter wrote:
One of my customers has an in-house GNU/Linux desktop application they
use on many remote tiny sites with unreliable WAN links. So far the application was doing
local authn/authz using a database, but the customer is migrating their remote employees
to the central AD for easier access to new centralized applications.
I will deploy SSSD on the remote desktops to ensure application availability in case of
WAN failures, and the customer will update their application to authn with a SSSD-enabled
PAM service and authz with InfoPipe. However, the application still needs to map the AD
groups of the users to its internal permission system.
I considered using the gid provided by SSSD for that purpose (but it is not
guaranteed to be consistent on all computers, from sssd-ldap(5)/ID MAPPING),
Could
you quote please?
I can imagine inconsistent GID only in case of different id mapping
configuration on different computers. But I do not understant why
someone would do that. The ideal is to use default id mapping on all machines.
and you would get the same GID everywhere.
LS
"""
See the full comment at
https://github.com/SSSD/sssd/pull/21#issuecomment-245996198