Hi,
I would like to use SSSD to allow authentication on linux machines for users managed in 2 LDAP bases.
While SSSD is capable of supporting several domains, it seems to only allow to handle the case where uid/gid are well partitioned between the bases, with no conflicts (each base having its own uid/gid range).
I'm wondering if there is any plan to add support in SSSD for renumbering uid and gid in the case of bases which are not well partitioned ? Or if anyone already faced the problem and found a nice way to manage such a use case ?
Thanks, BR
On 08/21/2015 09:04 AM, Pierre Neyron wrote:
Hi,
I would like to use SSSD to allow authentication on linux machines for users managed in 2 LDAP bases.
While SSSD is capable of supporting several domains, it seems to only allow to handle the case where uid/gid are well partitioned between the bases, with no conflicts (each base having its own uid/gid range).
I'm wondering if there is any plan to add support in SSSD for renumbering uid and gid in the case of bases which are not well partitioned ? Or if anyone already faced the problem and found a nice way to manage such a use case ?
Thanks, BR
In general this is a bad practice to have users with overlapping uids/gids There is a feature in works to allow local uid/gid overrides. I do nto know if this feature is per domain or global. If per domain it might help you.
Also not all users might need to be treated as POSIX users. This is also something being explored.
On 08/21/2015 05:07 PM, Dmitri Pal wrote:
On 08/21/2015 09:04 AM, Pierre Neyron wrote:
Hi,
I would like to use SSSD to allow authentication on linux machines for users managed in 2 LDAP bases.
While SSSD is capable of supporting several domains, it seems to only allow to handle the case where uid/gid are well partitioned between the bases, with no conflicts (each base having its own uid/gid range).
I'm wondering if there is any plan to add support in SSSD for renumbering uid and gid in the case of bases which are not well partitioned ? Or if anyone already faced the problem and found a nice way to manage such a use case ?
Thanks, BR
In general this is a bad practice to have users with overlapping uids/gids There is a feature in works to allow local uid/gid overrides. I do nto know if this feature is per domain or global. If per domain it might help you.
Hi, this feature is going to be part of 1.13.1.
Also not all users might need to be treated as POSIX users. This is also something being explored.
On Tue, Aug 25, 2015 at 02:33:43PM +0200, Pavel Březina wrote:
On 08/21/2015 05:07 PM, Dmitri Pal wrote:
On 08/21/2015 09:04 AM, Pierre Neyron wrote:
Hi,
I would like to use SSSD to allow authentication on linux machines for users managed in 2 LDAP bases.
While SSSD is capable of supporting several domains, it seems to only allow to handle the case where uid/gid are well partitioned between the bases, with no conflicts (each base having its own uid/gid range).
I'm wondering if there is any plan to add support in SSSD for renumbering uid and gid in the case of bases which are not well partitioned ? Or if anyone already faced the problem and found a nice way to manage such a use case ?
Thanks, BR
In general this is a bad practice to have users with overlapping uids/gids There is a feature in works to allow local uid/gid overrides. I do nto know if this feature is per domain or global. If per domain it might help you.
Hi, this feature is going to be part of 1.13.1.
Yes, also RHEL-wise, this is part of 7.2
sssd-users@lists.fedorahosted.org
-
Dmitri Pal -
Jakub Hrozek -
Pavel Březina -
Pierre Neyron