I'm curious about this statement:
The reason I ask is because I use a bunch of storage appliances that
offer Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS,
IDMU, RFC2307, and RFC2307bis style Identity Mapping, all of which
require manual assignment of UID/GID numbers to objects in LDAP, which is
untenable for large environments.
What is the alternative?
We have beaucoup (older) storage appliances that (lamentably) each have to
run their own usermapper to map between Windows SIDs and UNIX UIDs. It's a
pain to maintain all those usermappers on all those NAS heads. We're
wanting to migrate them to use the POSIX attributes stored in AD (aka RFC
2307bis), the MS-provided schema extension. Same as sssd on the Linux
servers uses.
Per-NAS head usermappers seem ideal for a small env, where the AD admin
doesn't want to extend the AD schema; not so much for a large env with
beaucoup NAS heads.
Spike
On Wed, Oct 16, 2019 at 5:17 PM Jeff Thornsen <jthornsen(a)gmail.com> wrote:
The reason I ask is because I use a bunch of storage appliances that offer
Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU,
RFC2307, and RFC2307bis style Identity Mapping, all of which require manual
assignment of UID/GID numbers to objects in LDAP, which is untenable for
large environments. Microsoft even removed Unix Attribute editor from
their LDAP GUI for the RFC2307 attributes in Windows Server 2016 to push
people away from using rfc2307.
I would like to be able to provide a link to an RFC or design document
describing the SSSD ID Mapping algorithm so that these 3rd party vendors
can incorporate an identical identity mapping algorithm into their
products, so that I can use their Secure-NFS product in conjunction with
sssd and have the uid and gid numbers match up with the other Linux hosts
in our environment.