URL: https://github.com/SSSD/sssd/pull/644
Title: #644: When multiple UIDs exist, use the username provided by the user as the first lookup
sumit-bose commented:
"""
per posix uid _must_ be unique, sorry to say your LDAP setup is
simply violating standards and cannot be supported in a consistent way.
@simo5, this is not about the POSIX UID but about the uid LDAP attribute defined in RFC
4519 (this is the newest) and used in RFC 2307. Unfortunately this LDAP attribute is
allowed to have multiple values.
I do not think sssd (or any other nss ldap module) can really do
anything useful for you here.
If you have specific systems where a user _always_ must use a specific name and other
systems where it must use the other I would suggest using id views (assuming we can do
that for generic LDAP) to exactly determine what user name to use on any specific host.
In any case the only way to properly handle this is to have a source of information that
explicitly marks _which_ uid is valid and use only that for the system.
"""
See the full comment at https://github.com/SSSD/sssd/pull/644#issuecomment-430617376