As a follow-up to the discussion below, I have written a utility that synthesizes passwd(5) or group(5) entries from LDIF data, mimicking the entries that sssd produces when sssd is configured to auto-map uid/gid values from the Windows objectSid. It’s available here:
https://github.com/qralston/genent

It works for us in our environment; hopefully others will find it useful as well. This is the initial release, so it may be buggy. Feedback, pull requests, issues, et al. are all welcome; please consult the TODO.md file.

On Fri, Oct 25, 2019 at 8:11 PM James Ralston <rals...@pobox.com> wrote:
> On Wed, Oct 16, 2019 at 6:17 PM Jeff Thornsen <jthorn...@gmail.com> wrote:
>
> > The reason I ask is because I use a bunch of storage appliances
> > that offer Secure-NFS (NETAPP, EMC UNITY, etc.), but they only
> > support NIS, IDMU, RFC2307, and RFC2307bis style Identity Mapping,
> > all of which require manual assignment of UID/GID numbers to
> > objects in LDAP, which is untenable for large environments.
> > Microsoft even removed Unix Attribute editor from their LDAP GUI
> > for the RFC2307 attributes in Windows Server 2016 to push people
> > away from using rfc2307.
>
> [We're] working on a utility that will read an LDIF dump, and at the
> cost of a single getgrnam('domain users') call (to determine sssd's
> offset), will output either a passwd(5) or group(5) file in the same
> format that sssd would generate, at O(1) cost. Then we will serve
> up these synthesized passwd/group files for our storage appliance's
> consumption. It's Rube-Goldberg-esque, but it's the best we can do
> until our storage appliance vendor finally implements uid/gid
> auto-mapping from the objectSID.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
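The approach described in this thread, sketched as an added example (not code from genent or sssd): decode each binary objectSid from an LDIF dump, take its RID, and add the offset recovered from the mapped gid of Domain Users (well-known RID 513). It assumes every RID falls inside the same sssd ID-mapping slice as Domain Users; the home directory, shell, sample LDIF and gid value are constructed.

```python
import base64
import struct

DOMAIN_USERS_RID = 513  # well-known RID of the AD "Domain Users" group

def parse_sid(raw):
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")           # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])        # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def ldif_records(text):
    """Yield each LDIF record as a dict; 'attr:: value' is base64-decoded to bytes."""
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split records
        rec = {}
        for line in block.splitlines():
            if line.startswith("#"):
                continue
            key, _, val = line.partition(":")
            if val.startswith(":"):
                rec[key] = base64.b64decode(val[1:].strip())
            else:
                rec[key] = val.strip()
        yield rec

def passwd_lines(ldif, domain_users_gid, home="/home/{name}", shell="/bin/bash"):
    """Synthesize passwd(5) lines; home and shell are hypothetical defaults."""
    offset = domain_users_gid - DOMAIN_USERS_RID   # assumed: mapped id = offset + RID
    lines = []
    for rec in ldif_records(ldif):
        if "objectSid" not in rec or "sAMAccountName" not in rec:
            continue
        rid = int(parse_sid(rec["objectSid"]).rsplit("-", 1)[1])
        name = rec["sAMAccountName"]
        gid = offset + int(rec.get("primaryGroupID", DOMAIN_USERS_RID))
        lines.append(":".join([name, "*", str(offset + rid), str(gid),
                               rec.get("displayName", ""), home.format(name=name), shell]))
    return lines

# Constructed sample data: SID S-1-5-21-1111111111-2222222222-3333333333-1104
SAMPLE_SID_RAW = (bytes([1, 5]) + (5).to_bytes(6, "big")
                  + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1104))
SAMPLE_LDIF = ("dn: CN=Jane Doe,CN=Users,DC=example,DC=com\n"
               "sAMAccountName: jdoe\ndisplayName: Jane Doe\nprimaryGroupID: 513\n"
               "objectSid:: " + base64.b64encode(SAMPLE_SID_RAW).decode() + "\n")

if __name__ == "__main__":
    # 1234400513 is a constructed stand-in for getgrnam('domain users').gr_gid
    print("\n".join(passwd_lines(SAMPLE_LDIF, 1234400513)))
```

Before serving synthesized files to an appliance, compare a few entries against `getent passwd` on an sssd client, since a wrong offset silently maps file ownership to the wrong accounts.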