Yeah short names are guaranteed unique in my environment. The new patch
for SSSD allows one to define an AD domain search/preference order and I
think the implication there is that if a dupe shortname is detected it
will assume that the shortname belongs to the 1st domain listed in the
ordering.

I'm learning far more SSSD subsystem stuff than I want to with this
SGE/HPC + AD project!

This is one of those massive global companies where you will be laughed
out of the room if you propose a schema change or something like SFU in
their primary domain controller environment. It takes days to get one of
the AD gurus to even agree to a phone call, heh.

So all of our AD integration is via a RHEL IDM server aka Free-IPA
master that has a 1-way trust to the top domain of COMPANY.COM. The
1-way trust allows Free-IPA and RHEL IDM to traverse the transitive
trust relationships to resolve and enumerate users and groups who are in
child domains like NAFTA.COMPANY.COM and EAME.COMPANY.COM etc.

-dag

Ian Kaufman wrote:

If you support multiple domains, are you able to guarantee unique
short names? It seems to me that could be a problem. If it is a case
of multiple AD domains, but all coming from the same entity, thus
guaranteeing unique short names, why not see if Services for UNIX is
enabled in the domain, and use LDAP to query against it?

Ian
_______________________________________________
users mailing list
users@gridengine.org
https://gridengine.org/mailman/listinfo/users