Why on earth would you assign a numeric value to a uid? Just do a ldapmodify and replace the uid with a valid userid (eg. jsmith) and replace uidNumber with the previous value, then get rid of the: ldap_user_uid_number = uid ldap_user_gid_number = uid stuff, you can do this in one ldif with
dn: uid=123456,ou=people,dc=example,dc=com changetype: modify replace uid, uidNumber uid: jsmith uidNumber: 123456 - dn: uid=123458,ou=people,dc=example,dc=com changetype: modify replace uid, uidNumber uid: foobar uidNumber: 123458 - (just keep going I'd do an export and work from that) > On March 10, 2020 at 9:30 PM Michael Lake <mike.l...@uts.edu.au> wrote: > > Example user: > > uid: 123456 > mail: mike.l...@uts.edu.au mailto:mike.l...@uts.edu.au > uidNumber: 200123456 > > ________________________________________ > From: patrick.h...@comcast.net mailto:patrick.h...@comcast.net > <patrick.h...@comcast.net> > Sent: Wednesday, March 11, 2020 9:15 AM > To: End-user discussions about the System Security Services Daemon > Subject: [SSSD-users] Re: Can I map an LDAP value of 123456 to a user > name of u123456 ? > > In LDAP what are the uidNumber and uid attributes for a sample user? > On March 10, 2020 at 2:45 PM Michael Lake <mike.l...@uts.edu.au> wrote: > > Hi > > But I'd still have the problem that my UNIX username needs to be POSIX > compliant. So if my number is 123456 and my email is > mike.l...@uts.edu.au<mailto:mike.l...@uts.edu.au> I dont want the actual UNIX > username to be an email address with an @ in it. Complicates all sorts of > scripts. A username of u123456 is simple. > Hence being able to just set that using sssd would be simplest if it can > be done. > Slightly more hassle is getting the LDAP changed or a writing a PAM > module so change the login. > > Hence I'd ask if there is something simpler first. > > Mike > ________________________________________ > From: Pavel Březina <pbrez...@redhat.com> > Sent: Wednesday, March 11, 2020 2:31 AM > To: Michael Lake; End-user discussions about the System Security Services > Daemon > Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user > name of u123456 ? > > On 3/10/20 1:53 PM, Michael Lake wrote: > > Pavel suggested: > > > How about using fully qualified names instead? > > > > I'm not very familiar with LDAP. I'm not sure what that would actually > > look like. > > > > What we have now is where users login to a terminal using their number. > > However with web based logins they do use their email address. > > > > I'd have to check tomorrow in the LDAP and check what a fully qualified > > name actually is. > > Fully qualified name is a name in the form of user@domain. I.e. if you > have [domain/mydomain] in /etc/sssd/sssd.conf the fully qualified name > will be number@mydomain. > > If they are used to login with their email address, you could also > switch name attribute to the email address attribute if it is in LDAP. > > See ldap_user_name in `man sssd-ldap` and use_fully_qualified_names and > full_name_format in `man sssd.conf`. > > > Mike > > > > ________________________________________ > > From: Pavel Březina <pbrez...@redhat.com> > > Sent: Tuesday, March 10, 2020 11:33 PM > > To: End-user discussions about the System Security Services Daemon; > > Michael Lake > > Subject: Re: [SSSD-users] Can I map an LDAP value of 123456 to a user > > name of u123456 ? > > > > On 3/10/20 5:11 AM, Michael Lake wrote: > > > Hi all > > > > > > I am currently authenticating users with Centos 6 and sssd to an LDAP > > > server. I'll be moving to a Centos 8 so have setup sssd to > authenticate > > > to the LDAP server on my test Centos 8 box. However, our users in our > > > LDAP only contains all numeric identifiers for users. Centos 8 no > longer > > > accepts all numeric user names and group names > > > > > > Currently my sssd.conf contains: > > > > > > ldap_user_uid_number = uid > > > ldap_user_gid_number = uid > > > override_homedir = /homes/%u > > > > > > Our LDAP server contains "uid" values for users like "123456" > > > > > > I'll still be able to use the LDAP "uid" for UNIX uid and gid but what > > > I would like to be able to do is have the user name (and group name) > > > created by prefixing the LDAP "uid" values with a literal "u" to make > > > them POSIX compliant. > > > > > > Hence a user 123456 with "uid" of 123456 in LDAP can login and end up > > > with a username of "u123456". > > > I can't see a way to do that with a simple template in the "man > > > ssd.conf" > > > > How about using fully qualified names instead? > > > > UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any > > accompanying attachments may contain confidential information. If you > > are not the intended recipient, do not read, use, disseminate, > > distribute or copy this message or attachments. If you have received > > this message in error, please notify the sender immediately and delete > > this message. Any views expressed in this message are those of the > > individual sender, except where the sender expressly, and with > > authority, states them to be the views of the University of Technology > > Sydney. Before opening any attachments, please check them for viruses > > and defects. Think. Green. Do. Please consider the environment before > > printing this email. > > UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any > accompanying attachments may contain confidential information. If you are not > the intended recipient, do not read, use, disseminate, distribute or copy > this message or attachments. If you have received this message in error, > please notify the sender immediately and delete this message. Any views > expressed in this message are those of the individual sender, except where > the sender expressly, and with authority, states them to be the views of the > University of Technology Sydney. Before opening any attachments, please check > them for viruses and defects. Think. Green. Do. Please consider the > environment before printing this email. > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > mailto:sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > mailto:sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/< > https://docs.fedoraproject.org/en-US/project/code-of-conduct/> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines< > https://fedoraproject.org/wiki/Mailing_list_guidelines> > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org< > > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org> > > > UTS CRICOS Provider Code: 00099F DISCLAIMER: This email message and any > accompanying attachments may contain confidential information. If you are not > the intended recipient, do not read, use, disseminate, distribute or copy > this message or attachments. If you have received this message in error, > please notify the sender immediately and delete this message. Any views > expressed in this message are those of the individual sender, except where > the sender expressly, and with authority, states them to be the views of the > University of Technology Sydney. Before opening any attachments, please check > them for viruses and defects. Think. Green. Do. Please consider the > environment before printing this email. > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
