I'm working on an AD where they've completely separate normal AD users and POSIX users.
- AD: All employees have a user.
- POSIX: Certain employees get a separate user which is used for POSIX use cases. (Usernames are prefixed so they never collide). Their groups are only POSIX groups.

How can SSSD get both sets of users and their groups?

Could we create a separate `[domain/...]` for each? Would overrides in `[application/...]` work?

Currently SSSD is only getting the POSIX users and `ldap_id_mapping=false` is set. We can't really disable that without massive `chown`s across all the systems.

-- 
Sean Roberts