Do you have control over the RHEL IDM server? If so, it is pretty simple to perform LDAP queries against IDM/IPA.

Ian

On Wed, Aug 2, 2017 at 8:21 AM, Chris Dagdigian <[email protected]> wrote:

> Yeah short names are guaranteed unique in my environment. The new patch
> for SSSD allows one to define an AD domain search/preference order and I
> think the implication there is that if a dupe shortname is detected it will
> assume that the shortname belongs to the 1st domain listed in the ordering.
>
> I'm learning far more SSSD subsystem stuff than I want to with this
> SGE/HPC + AD project!
>
> This is one of those massive global companies where you will be laughed
> out of the room if you propose a schema change or something like SFU in
> their primary domain controller environment. It takes days to get one of
> the AD gurus to even agree to a phone call, heh.
>
> So all of our AD integration is via a RHEL IDM server aka Free-IPA master
> that has a 1-way trust to the top domain of COMPANY.COM. The 1-way trust
> allows Free-IPA and RHEL IDM to traverse the transitive trust relationships
> to resolve and enumerate users and groups who are in child domains like
> NAFTA.COMPANY.COM and EAME.COMPANY.COM etc.
>
> -dag
>
> Ian Kaufman wrote:
>
>> If you support multiple domains, are you able to guarantee unique short
>> names? It seems to me that could be a problem. If it is a case of multiple
>> AD domains, but all coming from the same entity, thus guaranteeing unique
>> short names, why not see if Services for UNIX is enabled in the domain, and
>> use LDAP to query against it?
>>
>> Ian

--
Ian Kaufman
Research Systems Administrator
UC San Diego, Jacobs School of Engineering
ikaufman AT ucsd DOT edu
_______________________________________________
users mailing list
[email protected]
https://gridengine.org/mailman/listinfo/users
