Bug 7257

Summary: tl-ldap-certalias doesn't work with sssd automatic uids
Product: ThinLinc
Reporter: Pierre Ossman <ossman>
Component: Smart card
Assignee: Pierre Ossman <ossman>
Status: NEW
Severity: Normal
CC: hean01
Priority: P2
Version: 1.3.1
Target Milestone: MediumPrio
Hardware: PC
OS: Unknown
Acceptance Criteria:

Description Pierre Ossman cendio 2018-10-12 13:37:25 CEST
sssd can work with Active Directory servers that do not have POSIX attributes set up for users. It does this by having a mapping algorithm between Windows SIDs and Unix UIDs. This mapping is deterministic so that it is the same on any machine (and hence usable in a cluster).

However, we do not support this mode in tl-ldap-certalias, which requires POSIX attributes on users in order to be able to map them properly.
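
An added sketch (not code from the bug report, ThinLinc, or sssd) of how a tool could derive the UID from a user's binary `objectSid` when no POSIX attributes exist. It assumes sssd's default ID ranges, slice selection by MurmurHash3 with seed `0xdeadbeef` over the domain SID string, a single domain, and no slice-collision handling; the function names and the sample SID are constructed for illustration.

```python
import struct

# Assumed sssd defaults for ldap_idmap_range_min/_max/_size; match your sssd.conf.
RANGE_MIN, RANGE_MAX, RANGE_SIZE = 200000, 2000200000, 200000
M32 = 0xFFFFFFFF

def rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & M32

def murmur3_32(data, seed):
    """MurmurHash3 (x86, 32-bit) over a byte string."""
    h = seed
    nblocks = len(data) // 4
    for (k,) in struct.iter_unpack("<I", data[:nblocks * 4]):
        k = rotl32(k * 0xCC9E2D51 & M32, 15) * 0x1B873593 & M32
        h = (rotl32(h ^ k, 13) * 5 + 0xE6546B64) & M32
    tail = data[nblocks * 4:]
    if tail:
        k = int.from_bytes(tail, "little")
        h ^= rotl32(k * 0xCC9E2D51 & M32, 15) * 0x1B873593 & M32
    h ^= len(data)
    h = (h ^ (h >> 16)) * 0x85EBCA6B & M32
    h = (h ^ (h >> 13)) * 0xC2B2AE35 & M32
    return h ^ (h >> 16)

def sid_to_str(raw):
    """Decode a binary objectSid attribute into its S-1-... string form."""
    rev, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("truncated or oversized objectSid")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d-%s" % (rev, authority, "-".join(map(str, subs)))

def sid_to_uid(raw):
    """UID = range_min + slice * range_size + RID (assumed sssd scheme)."""
    dom_sid, _, rid = sid_to_str(raw).rpartition("-")
    rid = int(rid)
    if rid >= RANGE_SIZE:
        raise ValueError("RID %d does not fit in one slice" % rid)
    slices = (RANGE_MAX - RANGE_MIN) // RANGE_SIZE
    slice_no = murmur3_32(dom_sid.encode(), 0xDEADBEEF) % slices
    return RANGE_MIN + slice_no * RANGE_SIZE + rid

# Constructed sample: S-1-5-21-1000-2000-3000-1104 as it would appear in LDAP.
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1000, 2000, 3000, 1104))

if __name__ == "__main__":
    print(sid_to_str(SAMPLE_SID), "->", sid_to_uid(SAMPLE_SID))
```

Because the result depends only on the SID and the configured ranges, every cluster node computes the same UID, provided all nodes share the same sssd range settings.
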
Comment 3 Karl Mikaelsson cendio 2018-10-19 12:50:55 CEST
Looks like Microsoft is slowly forcing everyone into the auto-generated uid/gid direction by removing the GUI to set the Unix attributes on objects in an AD:

 https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/