I'm working on an AD where they've completely separate normal AD users and
POSIX users.
- AD: All employees have a user.
- POSIX: Certain employees get a separate user which is used for POSIX use
cases. *(Usernames are prefixed so they never collide). *Their groups are
only POSIX groups.
How can SSSD get both sets of users and their groups?
Could we create a separate [domain/...] for each? Would overrides in
[application/...] work?
Currently SSSD is only getting the POSIX users and ldap_id_mapping=false is
set. We can't really disable that without massive `chown`s across all the
systems.
--
Sean Roberts
Show replies by date