On (17/10/19 11:13), Pavel Březina wrote:
On 10/17/19 12:17 AM, Jeff Thornsen wrote:
> The reason I ask is because I use a bunch of storage appliances that offer Secure-NFS
> (NETAPP, EMC UNITY, etc.), but they only support NIS, IDMU, RFC2307, and RFC2307bis style
> Identity Mapping, all of which require manual assignment of UID/GID numbers to objects in
> LDAP, which is untenable for large environments. Microsoft even removed Unix Attribute
> editor from their LDAP GUI for the RFC2307 attributes in Windows Server 2016 to push
> people away from using rfc2307.
>
> I would like to be able to provide a link to an RFC or design document describing the
> SSSD ID Mapping algorithm so that these 3rd party vendors can incorporate an identical
> identity mapping algorithm into their products, so that I can use their Secure-NFS product
> in conjunction with sssd and have the uid and gid numbers match up with the other Linux
> hosts in our environment.

There is [1]. But I am not sure if it is as thorough as you need and it might
also be a little outdated. So the best documentation would be the sources of
the sss_idmap library [2]. Also, it should be possible to use this library instead
of implementing your own algorithm.

+1 for usage of libsss_idmap.so
You might also want to check the man page (sss_rpcidmapd) [3]
in case of NFS (it is part of sssd-nfs-idmap on Fedora/CentOS)

[1] https://docs.pagure.org/SSSD.sssd/design_pages/idmap_auto_assign_new_slic...
[2] https://github.com/SSSD/sssd/tree/master/src/lib/idmap
[3] https://www.mankier.com/5/sss_rpcidmapd

LS