On Sun, Jan 07, 2018 at 02:27:06AM -0500, Mark London wrote:
Hi - Sorry if this is not completely an SSSD question. We use SSSD
Redhat, to authenticate against the LDAP server, that is part of the Windows
Active Domain server. In the old versions of the Windows server, there was
software that provided integration with the LDAP server (i.e. there was a
Unix tab, that could be seen, when viewing a user or group in the Active
Doman.). Using this method, it was possible to create a group in Active
Domain, that could be seen on the Redhat side, via a "unix tab" ,that would
appear on the active domain interface. This unix integration software was
removed a long time ago. But it possible using another method, to create a
group in the Active Domai, that the LDAP server also sees, and thus can be
seen in Redhat) Without having to switchto using AD authentication in
SSSD. Thanks. - Mark
Yes, the tools to edit the unix (Posix) related attributes were removed
in recent Windows versions. But the LDAP schema itself was not changed.
So you still can edit the LDAP object directly with any LDAP editor or
ldapmodify from the command line.
It should the possible to use the 'ADSI Edit' Windows tool as well.
Select the group you want to edit and search for the attribute
'gidNumber', it should have the value '<not set>'. With the right
permission (if guess if you user has the right to add a group it should
also have the right to modify it) you can edit the attribute and set the
expected GID value.
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org