I'm curious about this statement:

     The reason I ask is because I use a bunch of storage appliances that offer Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU, RFC2307, and RFC2307bis style Identity Mapping, all of which require manual assignment of UID/GID numbers to objects in LDAP, which is untenable for large environments.

What is the alternative?

We have beaucoup (older) storage appliances that (lamentably) each have to run their own usermapper to map between Windows SIDs and UNIX UIDs.  It's a pain to maintain all those usermappers on all those NAS heads.  We're wanting to migrate them to use the Posix Attributes stored in AD (aka RFC 2307bis).  The MS-provided schema extension.  Same as sssd on the Linux servers uses.

Per-NAS head usermappers seem ideal for a small env, where the AD admin doesn't want to extend the AD schema;  not so much for a large env with beaucoup NAS heads.

Spike



 

On Wed, Oct 16, 2019 at 5:17 PM Jeff Thornsen <jthornsen@gmail.com> wrote:
The reason I ask is because I use a bunch of storage appliances that offer Secure-NFS (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU, RFC2307, and RFC2307bis style Identity Mapping, all of which require manual assignment of UID/GID numbers to objects in LDAP, which is untenable for large environments.  Microsoft even removed Unix Attribute editor from their LDAP GUI for the RFC2307 attributes in Windows Server 2016 to push people away from using rfc2307.

I would like to be able to provide a link to an RFC or design document describing the SSSD ID Mapping algorithm so that these 3rd party vendors can incorporate an identical identity mapping algorithm into their products, so that I can use their Secure-NFS product in conjunction with sssd and have the uid and gid numbers match up with the other Linux hosts in our environment.