In Active Directory with no Identity Management for Unix Role Service enabled there is no uid attribute available but the user id could be constructed from objectSid. This is what winbind's idmap_rid(8) and nss-pam-ldapd do:
It would make using SSSD against AD easier if something like this would be available in SSSD, too.
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Verified in version 1.9.2-13
Report from baker automation run:
[ PASS ] idmap_001 ldap provider
[ PASS ] idmap_002 ldap provider,idmapping=false
[ PASS ] idmap_003 ldap_idmap_range_size is more than the difference of max-min
[ PASS ] idmap_004 ldap_idmap_range_min is negative
[ PASS ] idmap_005 ldap_idmap_range_max or ldap_idmap_range_min is a very large
[ PASS ] idmap_006 All values are negative
[ PASS ] idmap_007 ldap_idmap_range_min is zero
[ PASS ] idmap_008 ldap_idmap_range_max is less than ldap_idmap_range_min
[ PASS ] idmap_009 ldap_idmap_default_domain_sid=junk
[ PASS ] idmap_010 ldap_idmap_default_domain_sid=<doesn't match the AD domain sid>
[ PASS ] idmap_011 ldap_idmap_default_domain_sid=<matches the AD domain sid>
[ PASS ] idmap_012 ldap_idmap_autorid_compat=true and ldap_idmap_default_domain_sid is not mentioned
[ PASS ] idmap_013 ldap_idmap_autorid_compat=true and and ldap_idmap_default_domain_sid is not matching the AD domain SID
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.