I have a Netapp that does not support SSSD or Windbind and i want to use IDM ldap to do permission/name mapping. would using a Script on a SSSD client to populate a custom ldap schema in IPA with the SSSD uidnumber mappings be a bad idea? I know i would have to set up a cron job to run it at a reasonable interval. set it up to create and remove users added or removed from the Posix group i have mapped from the AD trust. Am i missing anything?
Ray
On Fri, Jun 02, 2017 at 12:02:04PM -0600, Frank Rey via FreeIPA-users wrote:
I have a Netapp that does not support SSSD or Windbind and i want to use IDM ldap to do permission/name mapping. would using a Script on a SSSD client to populate a custom ldap schema in IPA with the SSSD uidnumber mappings be a bad idea? I know i would have to set up a cron job to run it at a reasonable interval. set it up to create and remove users added or removed from the Posix group i have mapped from the AD trust. Am i missing anything?
Maybe the compat tree is what you are looking for, please see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm... for details.
bye, Sumit
Ray
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Ok where and when does the compat tree get populated? When I dump my look over my ldif I do not see any accounts from the AD trust. With the exception of the mapping groups which do no have uidnumbers listed with them only gid
On Jun 6, 2017 4:46 AM, "Sumit Bose via FreeIPA-users" < freeipa-users@lists.fedorahosted.org> wrote:
On Fri, Jun 02, 2017 at 12:02:04PM -0600, Frank Rey via FreeIPA-users wrote:
I have a Netapp that does not support SSSD or Windbind and i want to use IDM ldap to do permission/name mapping. would using a Script on a SSSD client to populate a custom ldap schema in IPA with the SSSD uidnumber mappings be a bad idea? I know i would have to set up a cron job to run
it
at a reasonable interval. set it up to create and remove users added or removed from the Posix group i have mapped from the AD trust. Am i
missing
anything?
Maybe the compat tree is what you are looking for, please see https://access.redhat.com/documentation/en-US/Red_Hat_ Enterprise_Linux/7/html/Windows_Integration_Guide/trust-legacy.html for details.
bye, Sumit
Ray
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.
fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Frank Rey -
Sumit Bose