#1408 It should be possible to use uid/gid defined in AD instead of SIDs
Closed: Fixed None Opened 7 years ago by dpal.

The first implementation of the trusts solution takes the SID of the user entry and uses a special algorithm to create a unique UID for the user. A similar approach is used for the GID. This works fine for deployments that do not have POSIX attributes defined in AD. In cases where POSIX attributes are defined in AD, there are usually already clients that leverage these attributes, so switching to the SID->UID/GID model is not acceptable. Instead, IPA and SSSD should be able to respect the POSIX attributes defined in AD.

IPA ticket https://fedorahosted.org/freeipa/ticket/2904


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta
rhbz: => todo

Fields changed

proposed_priority: => Blocker

Fields changed

type: defect => enhancement

Moving all the features planned for 1.10 release into 1.10 beta.

milestone: SSSD 1.11 beta => SSSD 1.10 beta

Fields changed

priority: major => blocker

Fields changed

design: =>
design_review: => 0
fedora_test_page: =>
selected: => Want

Fields changed

priority: blocker => critical

Fields changed

review: => 1

As discussed in a separate meeting, Sumit will be working on this feature post-1.10 as part of providing a better experience for migration to the trusts solution.

Moving to 1.11 beta.

milestone: SSSD 1.10 beta => SSSD 1.11 beta

Fields changed

milestone: SSSD 1.12 beta => SSSD 1.11 beta

Moving open tickets from 1.11 beta to 1.11 beta2

milestone: SSSD 1.11 beta => SSSD 1.11 beta 2

Fields changed

changelog: =>
milestone: SSSD 1.11 beta 2 => SSSD 1.11 beta 3

This is a tracker -> changing to task

Fields changed

type: enhancement => task

The functionality required by this tracker was already implemented in beta2

resolution: => fixed
status: new => closed

Fields changed

summary: [RFE] It should be possible to use uid/gid defined in AD instead of SIDs => It should be possible to use uid/gid defined in AD instead of SIDs

Metadata Update from @dpal:
- Issue set to the milestone: SSSD 1.11.0

2 years ago
