Bug 7257 - tl-ldap-certalias doesn't work with sssd automatic uids
Summary: tl-ldap-certalias doesn't work with sssd automatic uids
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Smart card (show other bugs)
Version: 1.3.1
Hardware: PC Unknown
: P2 Normal
Target Milestone: MediumPrio
Assignee: Pierre Ossman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-12 13:37 CEST by Pierre Ossman
Modified: 2018-10-19 12:50 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2018-10-12 13:37:25 CEST 
sssd can work with Active Directory servers that do not have POSIX attributes set up for users. It does this by having a mapping algorithm between Windows SIDs and Unix UIDs. This mapping is deterministic so that it is the same on any machine (and hence usable in a cluster).

However we do not support this mode in tl-ldap-certalias which requires POSIX attributes on users in order to be able to map them properly.
Comment 3 Karl Mikaelsson cendio 2018-10-19 12:50:55 CEST 
Looks like Microsoft is slowly forcing everyone into the auto-generated uid/gid direction by removing the GUI to set the Unix attributes on objects in an AD:

 https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/
Note You need to log in before you can comment on or make changes to this bug.