On 08/21/2015 09:04 AM, Pierre Neyron wrote:
Hi,
I would like to use SSSD to allow authentication on linux machines for
users managed in 2 LDAP bases.
While SSSD is capable of supporting several domains, it seems to only
allow to handle the case where uid/gid are well partitioned between the
bases, with no conflicts (each base having its own uid/gid range).
I'm wondering if there is any plan to add support in SSSD for
renumbering uid and gid in the case of bases which are not well
partitioned ?
Or if anyone already faced the problem and found a nice way to manage
such a use case ?
Thanks,
BR
In general this is a bad practice to have users with overlapping uids/gids
There is a feature in works to allow local uid/gid overrides.
I do nto know if this feature is per domain or global.
If per domain it might help you.
Also not all users might need to be treated as POSIX users. This is also
something being explored.
--
Thank you,
Dmitri Pal
Engineering Director, Identity Management and Platform Security
Red Hat, Inc.