id mapping, rfc2307 and real customer environments

Richard Sharpe realrichardsharpe at gmail.com
Tue May 17 22:06:27 UTC 2016


Hi folks,

We have a customer environment where all the UNIX users are isolated
in a special domain, let's call it UNIX.EXAMPLE.COM. They also have
their Windows users scattered around domains like COAL.EXAMPLE.COM and
GAS.EXAMPLE.COM. Those users who have both UNIX and Windows accounts
have their RFC2307 attributes in UNIX.EXAMPLE.COM and attributes on
their account in their home domain that point to their account in
UNIX.EXAMPLE.COM.

Sigh.

This means that during id mapping we would have to extract the
attribute that points to their UNIX.EXAMPLE.COM account from their
home domain, then look up the uidNumber and whatever for that account
in the UNIX.EXAMPLE.COM account.

Even worse, users who do not have UNIX accounts do not have an entry
in UNIX.EXAMPLE.COM.

It would seem that the rfc2307 id mapping module is not going to be
able to deal with such a setup.

Are there any alternatives or do we have to write our own id mapping module?

Can sssd work for this? Does it integrate well enough with Samba as a
member server?

-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)
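
The two-hop lookup described in the message above, sketched as an added example (not part of the original post and not Samba code). The attribute name `unixAccountLink`, the ID range and both sample directories are assumptions made for illustration; besides the Windows-only users the post mentions, it covers a dangling link and a link or ID that the mapper should refuse.

```python
# Added illustration, not Samba code. Both directories are constructed sample
# data; "unixAccountLink" is a hypothetical name for the pointer attribute.
UNIX_SUFFIX = ",dc=unix,dc=example,dc=com"
ID_RANGE = range(10000, 1000000)  # assumed range of IDs this mapping may hand out

HOME = {  # (home domain, account name) -> attributes on the Windows account
    ("COAL", "alice"): {"unixAccountLink": "cn=alice,ou=people,dc=unix,dc=example,dc=com"},
    ("COAL", "bob"): {},  # Windows-only user: no link and no UNIX entry
    ("GAS", "carol"): {"unixAccountLink": "cn=carol,ou=people,dc=unix,dc=example,dc=com"},
    ("GAS", "dave"): {"unixAccountLink": "cn=admin,ou=people,dc=unix,dc=example,dc=com"},
    ("GAS", "erin"): {"unixAccountLink": "cn=erin,ou=people,dc=gas,dc=example,dc=com"},
}
UNIX = {  # DN in UNIX.EXAMPLE.COM -> RFC2307 attributes
    "cn=alice,ou=people,dc=unix,dc=example,dc=com": {"uidNumber": "10501", "gidNumber": "10100"},
    "cn=admin,ou=people,dc=unix,dc=example,dc=com": {"uidNumber": "0", "gidNumber": "0"},
}


class Unmapped(Exception):
    """The account has no usable UNIX identity; the caller decides the fallback."""


def map_user(domain, name):
    """Two-hop lookup: home-domain link attribute, then RFC2307 IDs."""
    account = HOME.get((domain.upper(), name.lower()))
    if account is None:
        raise Unmapped("unknown account")
    link = account.get("unixAccountLink", "").lower()
    if not link:
        raise Unmapped("no link attribute")
    # The link is written in the home domain, so do not follow it anywhere else.
    if not link.endswith(UNIX_SUFFIX):
        raise Unmapped("link leaves UNIX domain")
    entry = UNIX.get(link)
    if entry is None:
        raise Unmapped("dangling link")
    try:
        uid, gid = int(entry["uidNumber"]), int(entry["gidNumber"])
    except (KeyError, ValueError):
        raise Unmapped("missing or malformed RFC2307 attributes")
    if uid not in ID_RANGE or gid not in ID_RANGE:
        raise Unmapped("ID outside allowed range")
    return uid, gid


def outcome(domain, name):
    """Return (uid, gid) on success or the refusal reason as a string."""
    try:
        return map_user(domain, name)
    except Unmapped as exc:
        return str(exc)
```

The suffix and range checks matter because the link attribute is maintained in the home domain, so whoever can write it there otherwise chooses which UNIX identity the file server grants.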



More information about the samba-technical mailing list