Bug 768168 - [RFE] Allow Constructing uid from Active Directory objectSid
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.0
Hardware: Unspecified Unspecified
Priority: high Severity: unspecified
Target Milestone: rc
Target Release: ---
Assigned To: Jakub Hrozek
QA Contact: Kaushik Banerjee
Keywords: FutureFeature
Depends On:
Blocks: 736854 998474
Reported: 2011-12-15 17:25 EST by Dmitri Pal
Modified: 2013-08-19 08:06 EDT

See Also:
Fixed In Version: sssd-1.9.1-1.el6
Doc Type: Enhancement
Doc Text:
Cause: Some Active Directory deployments do not carry the POSIX attributes such as UID number at all.
Consequence: In order to use accounts from Active Directory in a Linux environment, the AD administrators would have to enable a special Services for UNIX extension with older AD servers and assign UID and GID numbers.
Change: A new ID mapping library was implemented in the SSSD. The ID mapping library is capable of automatically generating UNIX IDs from Windows Security Identifiers (SIDs).
Result: The administrator is able to use Windows accounts easily in a UNIX environment.
Last Closed: 2013-02-21 04:34:48 EST
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0508 normal SHIPPED_LIVE Low: sssd security, bug fix and enhancement update 2013-02-20 16:30:10 EST
Description Dmitri Pal 2011-12-15 17:25:15 EST
In Active Directory with no Identity Management for Unix Role Service enabled there is no uid attribute available but the user id could be constructed from objectSid. This is what winbind's idmap_rid(8) and nss-pam-ldapd do:

 http://www.samba.org/samba/docs/man/manpages-3/idmap_rid.8.html
 http://lists.arthurdejong.org/nss-pam-ldapd-users/2011/msg00213.html
 http://arthurdejong.org/viewvc/nss-pam-ldapd?view=revision&revision=1425

It would make using SSSD against AD easier if something like this would be available in SSSD, too.

https://fedorahosted.org/sssd/ticket/996
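
An added illustration (not code from SSSD, winbind or this bug report) of the idea in the description: decode a binary objectSid and derive a UID from its RID with the formula documented for idmap_rid (ID = RID - BASE_RID + LOW_RANGE_ID). The SID bytes, ID range and function names are constructed for the example, and this is not SSSD's own mapping algorithm.

```python
import struct

def parse_object_sid(raw: bytes) -> str:
    """Decode a binary AD objectSid into its S-R-A-S1-S2... string form."""
    if len(raw) < 8:
        raise ValueError("objectSid too short")
    revision, count = raw[0], raw[1]
    # Length must match the declared sub-authority count exactly.
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def sid_to_uid(sid: str, domain_sid: str, low: int, high: int,
               base_rid: int = 0) -> int:
    """idmap_rid-style mapping: uid = RID - base_rid + low, kept in [low, high]."""
    if low < 0 or high < low:
        raise ValueError("invalid ID range")
    prefix, _, rid_text = sid.rpartition("-")
    # Refuse SIDs from any other domain: two domains sharing one range
    # would map different accounts with the same RID to the same UID.
    if prefix != domain_sid:
        raise ValueError("SID is not from the configured domain")
    uid = int(rid_text) - base_rid + low
    if not low <= uid <= high:
        raise ValueError("RID maps outside the configured range")
    return uid

# Constructed sample values (not taken from any real directory).
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
SAMPLE_OBJECT_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
                     + struct.pack("<5I", 21, 1004336348, 1177238915,
                                   682003330, 1105))

if __name__ == "__main__":
    sid = parse_object_sid(SAMPLE_OBJECT_SID)
    print(sid, "->", sid_to_uid(sid, DOMAIN_SID, low=100000, high=199999))
```
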
Comment 1 RHEL Product and Program Management 2012-07-10 03:07:02 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 2 RHEL Product and Program Management 2012-07-10 22:03:16 EDT
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 4 Kaushik Banerjee 2012-11-16 03:54:16 EST
Verified in version 1.9.2-13

Report from baker automation run:
[   PASS   ]      idmap_001 ldap provider
[   PASS   ]      idmap_002 ldap provider,idmapping=false
[   PASS   ]      idmap_003 ldap_idmap_range_size is more than the difference of max-min
[   PASS   ]      idmap_004 ldap_idmap_range_min is negative
[   PASS   ]      idmap_005 ldap_idmap_range_max or ldap_idmap_range_min is a very large
[   PASS   ]      idmap_006 All values are negative
[   PASS   ]      idmap_007 ldap_idmap_range_min is zero
[   PASS   ]      idmap_008 ldap_idmap_range_max is less than ldap_idmap_range_min
[   PASS   ]      idmap_009 ldap_idmap_default_domain_sid=junk
[   PASS   ]      idmap_010 ldap_idmap_default_domain_sid=<doesn't match the AD domain sid>
[   PASS   ]      idmap_011 ldap_idmap_default_domain_sid=<matches the AD domain sid>
[   PASS   ]      idmap_012 ldap_idmap_autorid_compat=true and ldap_idmap_default_domain_sid is not mentioned
[   PASS   ]      idmap_013 ldap_idmap_autorid_compat=true and and ldap_idmap_default_domain_sid is not matching the AD domain SID
Comment 5 errata-xmlrpc 2013-02-21 04:34:48 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html