If you support multiple domains, are you able to guarantee unique short names? It seems to me that could be a problem. If it is a case of multiple AD domains, but all coming form the same entity, thus guaranteeing unique short names, why not see if Services for UNIX is enabled in the domain, and use LDAP to query against it?
Ian On Wed, Aug 2, 2017 at 6:04 AM, Chris Dagdigian <[email protected]> wrote: > > Thanks Reuti! > > I can't use the trick in that tip because we have more than one AD domain > to support and that "default_ad_domain_suffix=" setting only works for one > AD domain > > The real solution is for us to wait for the next SSSD patch to come out - > they've added features that should allow universal short names coming from > any AD domain, transitive trust or child domain. > > The current plan for now is to make local accounts that match the AD short > name while stealing the UID and GID values from the remote AD integration > server. We'll run that way until the SSSD patch shows up in the various > Linux repos > > -Chris > > > > Reuti wrote: > >> A similar question was already on the list before. IMO it's not a valid >> user name in Linux and doesn't conform to POSIX, where only certain >> characters are allowed. There was this hint: >> >> http://arc.liv.ac.uk/pipermail/gridengine-users/2010-August/031881.html >> >> -- Reuti >> > > _______________________________________________ > users mailing list > [email protected] > https://gridengine.org/mailman/listinfo/users > -- Ian Kaufman Research Systems Administrator UC San Diego, Jacobs School of Engineering ikaufman AT ucsd DOT edu
_______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
