On 24.8.2016 09:03, Joakim Tjernlund wrote:
Getting to the of our AD domain migration but there is one step I
haven't solved.
Our users has UID/GID in the new domain while the already present users in the new
domain
does not. Assigning UID/GID to all users does not sit well with upstream IT so I am
looking at what to do with these when they visit/access our site.
What comes to mind is partial id_mapping, if a user had UID/GID in the AD use that,
otherwise
do id_mapping for that user(preferably the same way samba does it since we already have a
samba
based interim solution).
I haven't found a way to do that in sssd, is there?
Maybe I am just full of it and this is really a bad idea?
Are you using FreeIPA? FreeIPA got support for "ID Views" which can be used
for this purpose. (I'm not very sure about pure-SSSD case.)
--
Petr Spacek @ Red Hat