Hi all
I am currently authenticating users with CentOS 6 and sssd to an LDAP server. I'll be moving to CentOS 8, so I have set up sssd to authenticate to the LDAP server on my test CentOS 8 box. However, the users in our LDAP only have all-numeric identifiers. CentOS 8 no longer accepts all-numeric user names and group names.
Currently my sssd.conf contains:
    ldap_user_uid_number = uid
    ldap_user_gid_number = uid
    override_homedir = /homes/%u
Our LDAP server contains "uid" values for users like "123456"
I'll still be able to use the LDAP "uid" for UNIX uid and gid but what I would like to be able to do is have the user name (and group name) created by prefixing the LDAP "uid" values with a literal "u" to make them POSIX compliant.
Hence a user 123456 with "uid" of 123456 in LDAP can log in and end up with a username of "u123456". I can't see a way to do that with a simple template in "man sssd.conf".
Mike Lake

UTS CRICOS Provider Code: 00099F
DISCLAIMER: This email message and any accompanying attachments may contain confidential information. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments. If you have received this message in error, please notify the sender immediately and delete this message. Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of the University of Technology Sydney. Before opening any attachments, please check them for viruses and defects. Think. Green. Do. Please consider the environment before printing this email.
On 3/10/20 5:11 AM, Michael Lake wrote:
> Hi all
> I am currently authenticating users with CentOS 6 and sssd to an LDAP server. I'll be moving to CentOS 8, so I have set up sssd to authenticate to the LDAP server on my test CentOS 8 box. However, the users in our LDAP only have all-numeric identifiers. CentOS 8 no longer accepts all-numeric user names and group names.
> Currently my sssd.conf contains:
>     ldap_user_uid_number = uid
>     ldap_user_gid_number = uid
>     override_homedir = /homes/%u
> Our LDAP server contains "uid" values for users like "123456"
> I'll still be able to use the LDAP "uid" for UNIX uid and gid but what I would like to be able to do is have the user name (and group name) created by prefixing the LDAP "uid" values with a literal "u" to make them POSIX compliant.
> Hence a user 123456 with "uid" of 123456 in LDAP can log in and end up with a username of "u123456". I can't see a way to do that with a simple template in "man sssd.conf".
How about using fully qualified names instead?
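What the fully qualified names suggestion above could look like in sssd.conf, as an added illustration that is not part of the thread. The domain name "example" and the ldap_uri value are placeholders; the uid/gid mappings and override_homedir are the ones quoted in the original post. With this setting the LDAP user 123456 is presented as 123456@example, so the name is no longer purely numeric; the thread does not confirm whether that satisfies the CentOS 8 restriction.

```ini
# Added illustration, not a configuration posted in the thread.
# "example" and the ldap_uri value are placeholders.
[sssd]
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.invalid

# Mappings quoted in the original post: the numeric LDAP "uid"
# attribute supplies both the UNIX uid and gid numbers.
ldap_user_uid_number = uid
ldap_user_gid_number = uid

# Return names as name@domain and require that form at login.
use_fully_qualified_names = True

# Default format from sssd.conf(5): %1$s is the user name,
# %2$s is the SSSD domain name. User 123456 becomes 123456@example.
full_name_format = %1$s@%2$s

# From the original post. In sssd.conf(5), %u is the login name and
# %f is the fully qualified user name (user@domain).
override_homedir = /homes/%u

# Check on a test host after restarting sssd:
#   getent passwd 123456@example
```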
Pavel suggested:
> How about using fully qualified names instead?
I'm not very familiar with LDAP. I'm not sure what that would actually look like.
What we have now is where users log in to a terminal using their number. However, with web-based logins they do use their email address.
I'd have to check tomorrow in the LDAP and check what a fully qualified name actually is.
Mike
________________________________________
From: Pavel Březina pbrezina@redhat.com
Sent: Tuesday, March 10, 2020 11:33 PM
To: End-user discussions about the System Security Services Daemon; Michael Lake
Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user name of u123456 ?
How about using fully qualified names instead?
sssd-users@lists.fedorahosted.org