So!

New question, hopefully someone out there will know the answer:
I have a posix group located in LDAP ala:

cn=groupname,ou=LAB,dc=domain,dc=ca

Which contains a memberUid attribute with several uid values.

I am attempting to get sssd to associate these uids in the group with
the uid upon login.  So far I am unsuccessful (id only returns the gid
in the user account)

Users are located in
ou=people,dc=domain,dc=ca
and they have a number of different objectClasses, one of which is
posixAccount

Any ideas?  I am going to ask this on the SSSD-devel list too but I
figured everyone here is so knowledgeable and nice, there might be a
kind person who has this knowledge already and might help me :)

-Chris


On 11-05-31 4:31 PM, Chris Tooley wrote:
> To answer my own question:
>
> There are examples in sssd.conf that work, I had mistakenly assumed the
> attributes to which I wanted to map were already present in the LDAP
> user entry (labHomeDirectory, labShadowExpire), which they weren't -
> thus I was assuming I was using the examples incorrectly - making sure
> that I have values and the actual attributes sssd works correctly :)
>
> Sorry for the chaff!
>
> -Chris
>
> On 11-05-31 11:28 AM, Chris Tooley wrote:
>> Hello all,
>>
>> I am using SL6 on a new machine I've setup, and it's using SSSD, apparently.
>>
>> Originally, when I was just using a plane-jane ldap.conf file and ldap
>> with pam, I could specify:
>>
>> nss_map_attribute       homeDirectory 	labHomeDirectory
>> nss_map_attribute       shadowExpire 	labShadowExpire
>>
>> Suffice it to say, I need to implement these values, and I am completely
>> unfamiliar with SSSD.  Can someone give me a pointer to some
>> documentation on this daemon, particularly as it relates to LDAP, or,
>> should I just disable SSSD and continue to use my old methods...?
>>
>> Is there something I'm missing in SSSD config somewhere which would
>> allow me to map attributes like the above?
>>
>> Thanks,
>> ~Chris