On Sun, Jan 07, 2018 at 02:27:06AM -0500, Mark London wrote:
Hi - Sorry if this is not completely an SSSD question. We use SSSD on Redhat, to authenticate against the LDAP server, that is part of the Windows Active Domain server. In the old versions of the Windows server, there was software that provided integration with the LDAP server (i.e. there was a Unix tab, that could be seen, when viewing a user or group in the Active Domain). Using this method, it was possible to create a group in Active Domain, that could be seen on the Redhat side, via a "unix tab", that would appear on the Active Domain interface. This unix integration software was removed a long time ago. But is it possible, using another method, to create a group in the Active Domain, that the LDAP server also sees (and thus can be seen in Redhat), without having to switch to using AD authentication in SSSD? Thanks. - Mark
Yes, the tools to edit the unix (Posix) related attributes were removed in recent Windows versions. But the LDAP schema itself was not changed. So you still can edit the LDAP object directly with any LDAP editor or ldapmodify from the command line.
It should be possible to use the 'ADSI Edit' Windows tool as well. Select the group you want to edit and search for the attribute 'gidNumber', it should have the value '<not set>'. With the right permission (I guess if your user has the right to add a group it should also have the right to modify it) you can edit the attribute and set the expected GID value.
HTH
bye, Sumit
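
The ldapmodify route mentioned in the reply above, as an added example that is not part of the original thread: a small shell helper that validates the GID and emits the LDIF record setting `gidNumber` on an existing group. The group DN, GID value, server name, bind account and the 1000 lower bound are all constructed assumptions.

```shell
#!/bin/sh
# Added example: build the LDIF that sets gidNumber on an existing AD group.
# The DN, GID, host and bind account shown here are constructed placeholders.

# make_gid_ldif GROUP_DN GID
# Prints an LDIF "modify" record on stdout; returns 1 on invalid input.
make_gid_ldif() {
    dn=$1
    gid=$2
    # Require a DN and a purely numeric GID.
    [ -n "$dn" ] || { echo "missing group DN" >&2; return 1; }
    case $gid in
        ''|*[!0-9]*) echo "GID must be numeric: $gid" >&2; return 1 ;;
    esac
    # Assumption: stay clear of local system groups (below 1000 on current RHEL).
    [ "$gid" -ge 1000 ] || { echo "GID $gid is in the local system range" >&2; return 1; }
    # "replace" also creates the attribute when it is currently not set.
    printf 'dn: %s\nchangetype: modify\nreplace: gidNumber\ngidNumber: %s\n' "$dn" "$gid"
}

# Usage (not run here, needs a reachable domain controller):
#   make_gid_ldif 'CN=unixgroup,OU=Groups,DC=example,DC=com' 10001 > gid.ldif
#   ldapmodify -x -H ldaps://dc.example.com -D 'admin@example.com' -W -f gid.ldif
# Then, on the Red Hat client, drop cached group data and look the group up:
#   sss_cache -G && getent group unixgroup
```
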