On Tue, Jun 28, 2016 at 10:10:56PM -0000, Mike Andrewjeski wrote:
Hi, We've a working sssd configuration that uses Edirectory. We are planning to move to AD from Edirectory and I'm looking for advice on how to handle the existing users uid's Edirectory. We don't really want to script chown commands for every user unless there isn't another option. Currently in Edirectory our uids begin at ~1050000 and end at ~1055000, so seven digits. I'm not certain that I can match the uid's using ldap_id_mapping. Any ideas?
AD supports the RFC2307(bis) LDAP schemes, so you can just add the UIDs and GID values into uidNumber and gidNumber attributes.
Btw, maybe moving to FreeIPA and setting up a trust to the AD forests might be an alternative for you as well?
HTH
bye, Sumit
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org