But the whole set of the RFC2307 attributes in AD are optional, right?
What I am saying is, that IF an administrator decides to make an use of those, we should
honore the whole set, nut just a few of these.
Another use case: In AD you can not have a user and group with the same name (i.e.
sAMAccountname). In Unix you can. If sssd honored uid by default, you could workaround
this AD restriction by manually specifying uid (ADUC sets it to sAMAcountname value)
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: Friday, November 01, 2013 1:45 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] AD provider uses wrong user attribute?
On Fri, Nov 01, 2013 at 11:21:10AM +0000, Ondrej Valousek wrote:
In ADUC, if you tick on User "Unix attributes" and populate
it, uid is automatically set on.
Not sure if Samba even populates RFC attributes - guess you need to use
ldap_id_mapping=true w/ Samba.
Ondrej
But using UNIX attributes is optional with the AD provider, the AD provider must work well
with defaults. I think you can override the attribute with ldap_user_name config option
instead.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users