On Wed, 19 Jul 2017, Jelle de Jong wrote:
The problem is I am at a customer that has an old Windows 2008 AD server with Unix tools and the uidNumber, gidNumber, unixHomeDirectory and loginShell need to be used, so that my NFS shares have the correct mapping.
That's fine.
[sssd]
services = autofs
Do you really only want autofs?
[autofs]
I have no idea how to get my user authentication working with the correct uidNumber, gidNumber mapping.
Can somebody maybe help?
My advice would be:
Stop using the ldap provider. Use the ad provider, and join your machines to the domain and use GSSAPI auth. No need to do anything with TLS, auth will just work.
ldap_id_mapping = False
Point it specifically at whatever attributes you need to, e.g. ldap_user_uid_number = msSFU30UidNumber
jh
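
A sketch of the sssd.conf this advice leads to, added here as an illustration and not part of the original message. It assumes the machine is already joined to the domain, uses example.com as a placeholder domain name, and takes the attribute names from the question (uidNumber, gidNumber, unixHomeDirectory, loginShell); a directory that stores them under the older SFU names would use those instead, as in the msSFU30UidNumber example above.

```ini
# /etc/sssd/sssd.conf (illustrative; example.com is a placeholder domain)
# Comments are kept on their own lines rather than after a value.

[sssd]
# nss and pam are the responders that serve identity lookups and logins;
# autofs on its own only serves automount maps.
services = nss, pam, autofs
domains = example.com

[domain/example.com]
# The ad provider authenticates to the directory with the machine's own
# Kerberos credentials (GSSAPI), so no bind password or TLS setup is
# configured here. This relies on the host being joined to the domain.
id_provider = ad
auth_provider = ad
access_provider = ad

# Use the POSIX IDs stored in AD instead of deriving them from the SID,
# so UIDs and GIDs match what the NFS server expects.
ldap_id_mapping = False

# Attribute names assumed from the question. Replace them with whatever
# the directory actually populates (for example msSFU30UidNumber).
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_gid_number = gidNumber
```

After restarting sssd, `getent passwd <user>` and `id <user>` should show the uidNumber and gidNumber values from the directory; if they show large computed numbers instead, ID mapping is still in effect or a stale cache is being served.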