On Mon, Jul 13, 2020 at 11:19:42AM -0000, Vjay wrote:
> Hi Friends,
> As a security requirement, we have to migrate LDAP servers from one active directory domain to other active directory domain. Old active directory LDAP servers are providing unix attributes for linux servers(centos 7) while new active directory LDAP servers don't so we have to migrate unix attribute management to sssd, which will change userid and groupid of all users.
> Does SSSD provide feature to keep / store userid and groupid from old domain of users so we don't have change file ownership on linux server side for the files owned by active directory users?
while SSSD allows to define local overrides, see man sss_override for
details, I would not recommend to use it in your case.
Afaik you can just migrate the unix attribute to the new AD DC. Although
the unix attributes cannot be manage anymore in the 'Unix Attributes'
tab of AD's 'Users and Computers' utility the underlying LDAP schema
still supports those attributes. You can still edit the attributes with
the 'Attribute Editor' tab which is available if you switch one
'Advanced Features' in the 'View' menu.
> sssd-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to email@example.com
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://firstname.lastname@example.org
sssd-users mailing list -- email@example.com
To unsubscribe send an email to firstname.lastname@example.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://email@example.com