That's the beauty of following standards. RFC2307 standard tells you how to do the mapping. SSSD honors RFCs (as well as any other appliance I am aware of) so you do not have to do any fancy mapping on your own at all - it just works consistently everywhere.


On 02/14/2013 06:22 PM, wrote:

I like the idea of storing a unique UID in the AD attribute for a user. Using sssd to do it means you have to define the same mapping on each sssd implementation. This means you have more chance of getting it wrong with a typo or editing stuff up and that means you could have users creating files with the wrong UID that then need to be cleaned up. The other problem is users having an incorrect UID reading files they should not have access to.