On Fri, Feb 15, 2019 at 07:05:37AM -0000, CharlesLee wrote:
Hi everyone,
I'm using sssd 1.62 in CentOS 7.4。 The sssd is very good, I love it!
But, when I use "ldap_id_mapping=False" in /etc/sssd/sssd.conf the user's password will not availabe.
I assume with 'the user's password will not available' you mean that the user cannot log in?
I guess that the user cannot even be found if you call 'getent passwd username'.
Why?
With "ldap_id_mapping=False" SSSD expects that the POSIX UIDs and GIDs are stored in Active Directory (I assume you are using AD). By default this is not the case and recent version of Windows Servers even removed some tools which made it easy to set them.
How to solve it?
Either use "ldap_id_mapping=True" (recommended) or add suit uidNumber and gidNumer attributes in AD to the users and groups.
HTH
bye, Sumit
Thanks _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...