[SSSD-users] UID collision possibility in SSSD with a mix of WindowsAD and non-AD domains?

Thursday, 6 October 2016

Hi,

Requesting answers to some queries.

On a client system, SSSD can be configured to query identity and authenticate against
multiple domains - Windows Active Directory (AD) as well as non-AD ones like LDAP store or
say, FreeIPA.

I understand that SSSD offers ID mapping for Windows AD objects (users, groups etc.) to
offer a separate ID range/namespace for separate Windows AD domains.

(1) What about non-AD domains?
Can SSSD "map" separate ID ranges for different non-AD domains?

That is : assume that LDAP id provider backend is used by SSSD for the two non-AD domains
"abc.com" and "xyz.com".
Can SSSD allot two different UIDs to user &quot;alice(a)abc.com&quot; and
&quot;alice(a)xyz.com&quot; who have same UID in their respective domains?

(2) And, does SSSD ensure that ID ranges for such non-AD "abc.com" and
"xyz.com" will not clash with another Windows AD domain "win.com" that
SSSD is configured to work with? (I think the answer is yes here, but just double
checking...)

Thanks & Regards,
Sambit

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[SSSD-users] UID collision possibility in SSSD with a mix of WindowsAD and non-AD domains?