Hi,
Requesting answers to some queries.
On a client system, SSSD can be configured to query identity and authenticate against
multiple domains - Windows Active Directory (AD) as well as non-AD ones like LDAP store or
say, FreeIPA.
I understand that SSSD offers ID mapping for Windows AD objects (users, groups etc.) to
offer a separate ID range/namespace for separate Windows AD domains.
(1) What about non-AD domains?
Can SSSD "map" separate ID ranges for different non-AD domains?
That is : assume that LDAP id provider backend is used by SSSD for the two non-AD domains
"abc.com" and "xyz.com".
Can SSSD allot two different UIDs to user "alice(a)abc.com" and
"alice(a)xyz.com" who have same UID in their respective domains?
(2) And, does SSSD ensure that ID ranges for such non-AD "abc.com" and
"xyz.com" will not clash with another Windows AD domain "win.com" that
SSSD is configured to work with? (I think the answer is yes here, but just double
checking...)
Thanks & Regards,
Sambit