[SSSD-users] Re: ldap_id_mapping=False then AD user's password not availabe
On Fri, Feb 15, 2019 at 07:05:37AM -0000, CharlesLee wrote:
Hi everyone,
I'm using sssd 1.62 in CentOS 7.4。
The sssd is very good, I love it!
But, when I use "ldap_id_mapping=False" in /etc/sssd/sssd.conf the user's
password will not availabe.
I assume with 'the user's password will not available' you mean that the
user cannot log in?
I guess that the user cannot even be found if you call 'getent passwd
username'.
Why?
With "ldap_id_mapping=False" SSSD expects that the POSIX UIDs and GIDs
are stored in Active Directory (I assume you are using AD). By default
this is not the case and recent version of Windows Servers even removed
some tools which made it easy to set them.
How to solve it?
Either use "ldap_id_mapping=True" (recommended) or add suit uidNumber
and gidNumer attributes in AD to the users and groups.
HTH
bye,
Sumit
>
> Thanks
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...