On 10/17/19 12:17 AM, Jeff Thornsen wrote:
> The reason I ask is because I use a bunch of storage appliances that
> offer Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU, RFC2307, and
> RFC2307bis style Identity Mapping, all of which require manual assignment of UID/GID
> numbers to objects in LDAP, which is untenable for large environments. Microsoft even
> removed Unix Attribute editor from their LDAP GUI for the RFC2307 attributes in Windows
> Server 2016 to push people away from using rfc2307.
>
> I would like to be able to provide a link to an RFC or design document describing the
> SSSD ID Mapping algorithm so that these 3rd party vendors can incorporate an identical
> identity mapping algorithm into their products, so that I can use their Secure-NFS product
> in conjunction with sssd and have the uid and gid numbers match up with the other Linux
> hosts in our environment.

There is [1]. But I am not sure if it is as thorough as you need and it
might also be a little outdated. So the best documentation would be the
sources of the sss_idmap library [2]. Also it should be possible to use this
library instead of implementing your own algorithm.

[1] https://docs.pagure.org/SSSD.sssd/design_pages/idmap_auto_assign_new_slic...
[2] https://github.com/SSSD/sssd/tree/master/src/lib/idmap