On 3/10/20 1:53 PM, Michael Lake wrote:
> Pavel suggested:
> > How about using fully qualified names instead?
>
> I'm not very familiar with LDAP. I'm not sure what that would actually
> look like.
>
> What we have now is where users log in to a terminal using their number.
> However, with web-based logins they do use their email address.
>
> I'd have to check tomorrow in the LDAP and check what a fully qualified
> name actually is.

A fully qualified name is a name in the form of user@domain. I.e., if you
have [domain/mydomain] in /etc/sssd/sssd.conf, the fully qualified name
will be number@mydomain.

If they are used to logging in with their email address, you could also
switch the name attribute to the email address attribute if it is in LDAP.

See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and
full_name_format in `man sssd.conf`.

> Mike
>
> ________________________________________
> From: Pavel Březina <pbrezina(a)redhat.com>
> Sent: Tuesday, March 10, 2020 11:33 PM
> To: End-user discussions about the System Security Services Daemon;
> Michael Lake
> Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user
> name of u123456 ?
>
> On 3/10/20 5:11 AM, Michael Lake wrote:
> > Hi all
> >
> > I am currently authenticating users with CentOS 6 and sssd to an LDAP
> > server. I'll be moving to CentOS 8, so I have set up sssd to authenticate
> > to the LDAP server on my test CentOS 8 box. However, our LDAP only
> > contains all-numeric identifiers for users. CentOS 8 no longer
> > accepts all-numeric user names and group names.
> >
> > Currently my sssd.conf contains:
> >
> > ldap_user_uid_number = uid
> > ldap_user_gid_number = uid
> > override_homedir = /homes/%u
> >
> > Our LDAP server contains "uid" values for users like "123456".
> >
> > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what
> > I would like to be able to do is have the user name (and group name)
> > created by prefixing the LDAP "uid" values with a literal "u" to make
> > them POSIX compliant.
> >
> > Hence a user 123456 with "uid" of 123456 in LDAP can log in and end up
> > with a username of "u123456".
> > I can't see a way to do that with a simple template in the "man
> > sssd.conf".
>
> How about using fully qualified names instead?
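
The two options from the reply at the top of this message, written out as an sssd.conf fragment. This is an added example, not configuration posted by anyone in the thread; `id_provider = ldap`, the `[sssd]` section values and the attribute name `mail` are assumptions, and `mydomain` is the example domain name used in the reply.

```ini
# /etc/sssd/sssd.conf (fragment, constructed for illustration)
[sssd]
# Assumed: one domain, NSS and PAM responders enabled.
domains = mydomain
services = nss, pam

[domain/mydomain]
# Assumed: the directory is reached through the LDAP provider.
id_provider = ldap

# Settings quoted from the original question, unchanged.
ldap_user_uid_number = uid
ldap_user_gid_number = uid
# In override_homedir, %u is the login name; man sssd.conf also lists
# %f for the fully qualified name (user@domain).
override_homedir = /homes/%u

# Option 1: fully qualified names.
# The LDAP entry with uid 123456 is presented as 123456@mydomain.
use_fully_qualified_names = True
# The default format written out: %1$s is the user name, %2$s the
# domain name from the [domain/...] section header.
full_name_format = %1$s@%2$s

# Option 2 (instead of option 1): take the login name from the e-mail
# attribute. "mail" is an assumed attribute name; use the attribute
# your directory actually stores addresses in.
# A name that itself contains "@" is affected by how sssd splits a
# login string into name and domain (re_expression in man sssd.conf),
# so test lookups before rolling this out.
# ldap_user_name = mail
```

After changing the file, restart sssd, clear cached entries with `sss_cache -E`, and confirm what the system resolves with `getent passwd 123456@mydomain` and `id 123456@mydomain`. Check file ownership, sudoers rules and access-control lists that refer to the old names, since the login name is what those match on.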