We have a small development Active Directory domain where we have several RHEL7 hosts.
We never extended our AD schema with the RFC2307 attributes (uidNumber, gidNumber, et al.). Instead, we just configured sssd with ldap_id_mapping = true. It works fantastically well!

BUT: now we need to add several RHEL5 hosts to the domain. The problem is that the RHEL5 version of sssd is 1.5.1, which is too old to support ldap_id_mapping. We looked briefly at what would be required to backport a more recent version of sssd to RHEL5, and quickly abandoned that idea: we would have to update multiple core system libraries to more recent versions as well.

But we don't want to have to manually manage all accounts on the RHEL5 hosts. That would be extraordinarily tedious and error-prone.

We've kicked around a few ideas:

1. Add the RFC2307 attributes to Active Directory. Set the (uidNumber, gidNumber) attributes by logging in to one of the RHEL7 hosts and observing what values sssd has mapped.

2. On one of our RHEL7 hosts, create a list of passwd/group entries for users/groups we care about, and then distribute that list of users/groups to the RHEL5 hosts.

We're leaning towards #1, because while it adds an additional step for user/group creations in AD, it keeps all account management in AD, and seems like the solution with the least amount of overhead. (Only a handful of people need to be able to log in to the RHEL5 systems, so we could probably get away with only creating the (uidNumber, gidNumber) attributes for the users/groups which need to be visible on those systems.)

Does anyone have any other suggestions on how to wrangle both RHEL5 and RHEL7 hosts with sssd?
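Idea #1 from the post above, sketched as an added example that is not part of the original message: it reads the IDs sssd has already mapped on a RHEL7 host and emits LDIF modify records that set the same uidNumber/gidNumber values in AD, so file ownership stays consistent across both host generations. The sample getent output, the DNs and the function names are all constructed assumptions, and DNs are assumed to be plain ASCII.

```python
# Constructed sample input: `getent passwd` / `getent group` output captured on
# a RHEL7 host running sssd with ldap_id_mapping = true (names and IDs made up).
PASSWD = """\
alice:*:1234801105:1234800513:Alice Example:/home/alice:/bin/bash
bob:*:1234801106:1234800513:Bob Example:/home/bob:/bin/bash
"""
GROUP = "domain users:*:1234800513:alice,bob\n"

# Hypothetical name -> DN map; the real DNs come from your own directory.
DN_MAP = {
    "alice": "CN=Alice Example,OU=Staff,DC=dev,DC=example,DC=com",
    "bob": "CN=Bob Example,OU=Staff,DC=dev,DC=example,DC=com",
    "domain users": "CN=Domain Users,CN=Users,DC=dev,DC=example,DC=com",
}

def record(dn, attrs):
    """One LDIF modify record that sets each (attribute, number) pair."""
    lines = ["dn: " + dn, "changetype: modify"]
    for attr, value in attrs:
        lines += ["replace: " + attr, "%s: %d" % (attr, value), "-"]
    return "\n".join(lines) + "\n"

def lookup(dn_map, name):
    """Return the DN for a name, failing loudly instead of guessing one."""
    if name not in dn_map:
        raise KeyError("no DN known for %r; refusing to guess" % name)
    return dn_map[name]

def build_ldif(passwd_text, group_text, dn_map):
    """Turn sssd-mapped IDs into LDIF that pins the same IDs in AD."""
    records, owner = [], {}
    for line in passwd_text.splitlines():
        name, _pw, uid, gid = line.split(":")[:4]
        # Two accounts sharing a UID would share file ownership on RHEL5.
        if uid in owner:
            raise ValueError("UID %s maps to both %s and %s" % (uid, owner[uid], name))
        owner[uid] = name
        records.append(record(lookup(dn_map, name),
                              [("uidNumber", int(uid)), ("gidNumber", int(gid))]))
    for line in group_text.splitlines():
        name, _pw, gid = line.split(":")[:3]
        records.append(record(lookup(dn_map, name), [("gidNumber", int(gid))]))
    return "\n".join(records)

if __name__ == "__main__":
    print(build_ldif(PASSWD, GROUP, DN_MAP))
```

Review the generated records before importing them into the directory.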