Understood, but it is not important.
Both directories (AD & Samba) do know about the uid attribute & RFC3207 dictates
its usage so:
1. If samba-tool does not populate it, then it is a bug in Samba which should be fixed
2. If sssd does not honor this attribute when running in RFC2307 compatibility mode, then
it is a bug and should be fixed as well
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Rowland Penny
Sent: Friday, November 01, 2013 1:09 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] AD provider uses wrong user attribute?
On 01/11/13 11:21, Ondrej Valousek wrote:
In ADUC, if you tick on User "Unix attributes" and populate
it, uid is automatically set on.
Not sure if Samba even populates RFC attributes - guess you need to use
ldap_id_mapping=true w/ Samba.
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of
Rowland Penny
Sent: Friday, November 01, 2013 11:13 AM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] AD provider uses wrong user attribute?
On 01/11/13 10:00, Ondrej Valousek wrote:
> Yes it is guaranteed to be there (or we can safely assume so) if we
> use Ldap_id_mapping = False
>
>
> -----Original Message-----
> From: sssd-users-bounces(a)lists.fedorahosted.org
> [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub
> Hrozek
> Sent: Friday, November 01, 2013 10:52 AM
> To: sssd-users(a)lists.fedorahosted.org
> Subject: Re: [SSSD-users] AD provider uses wrong user attribute?
>
> On Fri, Nov 01, 2013 at 09:36:05AM +0000, Ondrej Valousek wrote:
>> Hi List,
>>
>> Looks like the AD provider in sssd honors sAMAccountname attribute instead of the
'uid' (which is more in line with the RFC2307).
>> Is this intentional or a bug?
>>
>> Thanks,
>> Ondrej
> Intentional, is UID guaranteed to be there in all setups even if RFC2307 attributes
are not present on the AD side?
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
I wouldn't like to bet on 'uid' being there on Samba4 AD if the user is
created with samba-tool, 'uid' is an optional attribute.
Rowland
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
With samba-tool you have to add the RFC2307 attributes separately and even then it
does not work just like ADUC, for instance, samba4 does not have '
msSFU30MaxUidNumber' or 'msSFU30MaxGidNumber' attributes and samba-tool adds
the posixAccount & posixGroup objectClasses that ADUC doesn't.
Rowland
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users