Am Thu, Sep 30, 2021 at 03:41:12PM -0000 schrieb Kurt Stine:

I was told this would be a better place than github issues.

We're moving from an ldap environment to an AD environment. This means we have a large amount of users who are still linked with their original ldap UIDs. Unfortunately, changing the UIDs to the automatically assigned AD UIDs is not an option. Is there a way for SSSD to both inherit a UID if it exists or create its own if it doesn't? Also, is it possible to sync AD groups as well?

Right now we have this: #ldap_id_mapping = True ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber

Unfortunately, even removing the last line doesn't sync AD groups. Are there any options to sync them?

Hi,

as Alexey said in https://github.com/SSSD/sssd/issues/5800 SSSD offers the override feature for this. You can import multiple overrides at once with 'sss_override user-import ...' or 'sss_override group-import ...'. If you are using a configuration management tool like ansible, puppet, cfengine etc you can distribute a file with the overrides to all affected systems and all 'sss_override'.

HTH

bye, Sumit

Thanks, Kurt _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure