On Fri, Sep 16, 2022 at 8:35 AM Francis Augusto Medeiros-Logeay <
r_f@med-lo.eu> wrote:
On 2022-09-16 08:30, Francis Augusto Medeiros-Logeay wrote:
> Hi,
>
> I recently have been aware of the option "hybrid" for
> auto_private_groups, and it would really help us to solve a problem
> where our AD server has a gidNumber set up for users, but no primary
> group name assigned.
>
> When set to `true`, it works fine, though we don't want to set it to
> true because the uid might have been used as a gid for another user.
> Therefore hybrid is a better solution for us.
>
From the man page, the private group is generated only if the UID and GID of the user entry are identical:
----- 8< -----
hybrid
A primary group is autogenerated for user entries whose UID and GID numbers have the same value and at the same time the GID number
does not correspond to a real group object in LDAP. If the values are the same, but the primary GID in the user entry is also used
by a group object, the primary GID of the user resolves to that group object.
If the UID and GID of a user are different, then the GID must correspond to a group entry, otherwise the GID is simply not
resolvable.
This feature is useful for environments that wish to stop maintaining a separate group objects for the user private groups, but also
wish to retain the existing user private groups.
----- >8 -----
Is this your case?
flo