On Tue, Jun 28, 2016 at 10:10:56PM -0000, Mike Andrewjeski wrote:
Hi, We've a working sssd configuration that uses Edirectory. We
are planning to move to AD from Edirectory and I'm looking for advice on how to handle
the existing users uid's Edirectory. We don't really want to script chown
commands for every user unless there isn't another option. Currently in Edirectory
our uids begin at ~1050000 and end at ~1055000, so seven digits. I'm not certain that
I can match the uid's using
ldap_id_mapping. Any ideas?
AD supports the RFC2307(bis) LDAP schemes, so you can just add the UIDs
and GID values into uidNumber and gidNumber attributes.
Btw, maybe moving to FreeIPA and setting up a trust to the AD forests
might be an alternative for you as well?
> sssd-users mailing list