That's the beauty of following standards. RFC2307 standard tells you how to do the
mapping. SSSD honors RFCs (as well as any other appliance
I am aware of) so you do not have to do any fancy mapping on your own at all - it just
works consistently everywhere.
On 02/14/2013 06:22 PM, Greg.Lehmann(a)csiro.au wrote:
I like the idea of storing a unique UID in the AD attribute for a user. Using sssd to do
it means you have to define the same mapping on
each sssd implementation. This means you have more chance of getting it wrong with a typo
or editing stuff up and that means you could
have users creating files with the wrong UID that then need to be cleaned up. The other
problem is users having an incorrect UID reading
files they should not have access to.