Bug 906951

Summary: Config option for POSIX schema
Product: Red Hat Enterprise Linux 7
Reporter: Dmitri Pal <dpal>
Component: realmd
Assignee: Stef Walter <stefw>
Status: CLOSED CURRENTRELEASE
QA Contact: David Spurek <dspurek>
Severity: unspecified
Priority: unspecified
Version: 7.0
CC: Colin.Simpson, dspurek, ebenes, pkis
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: realmd-0.13.90-1
Doc Type: Bug Fix
Last Closed: 2014-06-13 11:08:23 UTC
Type: Bug

Description Dmitri Pal 2013-02-02 00:30:56 UTC
SSSD can be configured in two different ways with AD:
a) using POSIX schema 
b) not using POSIX schema

Realmd should:
a) Detect that the POSIX schema is loaded and used (populated)
b) If it is used (populated), use LDAP+Kerberos SSSD configuration (as it is now)
c) If it is not defined/populated, take advantage of the new AD back end that does SID -> uid/gid translation on the fly
d) There should be a way to force the use of the AD provider even if the POSIX schema is installed and populated (for example, for the cases of migration from one solution to another)

Also see authconfig bug:
https://bugzilla.redhat.com/show_bug.cgi?id=906948

This functionality also needs to be exposed to the OpenLMI realmd provider.

Comment 2 Stef Walter 2013-02-06 11:01:59 UTC
I agree this is a good feature to have. For starters we can add a configuration option for this.

But I agree that it would be nice to detect it. How can we detect whether the POSIX schema is populated and maintained? Do you know of a standard way?

Comment 3 Dmitri Pal 2013-02-08 23:25:20 UTC
It is hard. But I think you can search and see if there is at least one entry that has a uid attribute populated (I do not know the exact name of the attribute, you would need to look it up). If no entry has this attribute populated, you can assume that it is not installed or not populated.
The gray area starts when you have some number of populated entries.
I would count this as populated by default but allow overriding it with the force option.

Comment 4 Stef Walter 2013-02-12 07:51:41 UTC
Adding a config option upstream. Would like to discuss this in Brno.

Comment 5 Stef Walter 2013-07-15 17:49:13 UTC
As discussed elsewhere, it is not possible to autodetect whether the POSIX schema is installed and (more importantly) configured per added user.

The config option is now part of realmd. This bug has been modified to track that.

Comment 6 Stef Walter 2013-07-25 11:41:37 UTC
*** Bug 984201 has been marked as a duplicate of this bug. ***

Comment 7 Patrik Kis 2013-07-25 12:46:01 UTC
Hi Stef,
can you please confirm that the config option in question is "automatic-id-mapping" or something else?

Comment 8 Stef Walter 2013-07-25 19:05:54 UTC
(In reply to Patrik Kis from comment #7)
> can you please confirm that the config option in question is
> "automatic-id-mapping" or something else?

Yes, that's the case.
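The heuristic from comment 3 and the option confirmed in comments 7 and 8, as an added example that is not realmd code and not part of the original thread. It assumes the RFC 2307 attribute names `uidNumber` and `gidNumber`; the user entries, the realm name `ad.example.com` and the function names are constructed for illustration.

```python
# Added example: not realmd code. Entries and realm name are constructed.
POSIX_ATTRS = ("uidNumber", "gidNumber")  # RFC 2307 attributes holding POSIX IDs

# Constructed sample of user entries as an LDAP search might return them.
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "uidNumber": "10001", "gidNumber": "10000"},
    {"sAMAccountName": "bob"},                          # no POSIX attributes
    {"sAMAccountName": "carol", "uidNumber": "10003"},  # gidNumber missing
]


def missing_posix(entries):
    """Names of users lacking at least one POSIX attribute."""
    return [e["sAMAccountName"] for e in entries
            if not all(e.get(a) for a in POSIX_ATTRS)]


def choose_id_mapping(entries, force_automatic=False):
    """Pick a value for automatic-id-mapping using the comment 3 heuristic.

    Returns (value, reason): "yes" maps SIDs to IDs on the fly,
    "no" uses the IDs stored in the directory.
    """
    missing = missing_posix(entries)
    populated = len(entries) - len(missing)
    if force_automatic:
        return "yes", "forced by administrator"
    if populated == 0:
        return "yes", "no user has POSIX attributes populated"
    if missing:
        # The gray area: treated as populated, but flag who is incomplete.
        return "no", "partially populated; incomplete: " + ", ".join(missing)
    return "no", "all sampled users populated"


def realmd_conf_section(realm, value):
    """Render the per-realm realmd.conf section for the chosen value."""
    return f"[{realm}]\nautomatic-id-mapping = {value}\n"


if __name__ == "__main__":
    value, reason = choose_id_mapping(SAMPLE_USERS)
    print(reason)
    print(realmd_conf_section("ad.example.com", value))
```

The partially populated case is the one comment 3 calls the gray area: the sample is counted as populated, and the list of incomplete users shows which accounts an administrator would need to review before relying on directory-stored IDs.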

Comment 10 Ludek Smid 2014-06-13 11:08:23 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.