<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:9pt" ><div dir="ltr" >> My understanding, after talking to expert people here, is that I should use the RFC2307 model for ID mapping (described here: <a href="https://goo.gl/XvqHDH">https://goo.gl/XvqHDH</a>). The problem is</div>
<div dir="ltr" >> that our ID schema is slightly different than that one described in RFC2307. In the RFC the relevant user identification fields are named "uidNumber" and "gidNumber". > But in our AD database schema we have:<br>><br>> # egrep 'uid_number|gid_number' /etc/sssd/sssd.conf<br>> ldap_user_uid_number = msSFU30UidNumber<br>> ldap_user_gid_number = msSFU30GidNumber<br>> ldap_group_gid_number = msSFU30GidNumber<br>><br>> My question is: is it possible to configure CES to look for the custom field labels (those ones listed above) instead the default ones officially described in rfc2307 ?<br> </div>
<div dir="ltr" >mmuserauth only supports the rfc2307 attributes for Active Directory. That is the tested and supported configuration. The attribute names from the sssd configuration look like the "old" SFU attributes are used. You could try going through "mmuserauth service create --type ad ..." and then switching the internal configuration to use the SFU attributes:</div>
<div dir="ltr" >/usr/lpp/mmfs/bin/net conf setparm global 'idmap config DOMAINNAME : schema_mode' sfu</div>
<div dir="ltr" > </div>
<div dir="ltr" >Then restart gpfs-winbind on all protocol nodes or use "mmces service" to stop and start SMB on all protocol nodes.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Note that we have not tested this configuration, so if that should be supported in a possible future release, please open a RFE.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Regards,</div>
<div dir="ltr" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div dir="ltr" ><br><span style="font-size:0.857em;" ><span style="font-family: Verdana,Geneva,sans-serif;" >Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ<br>christof.schmitt@us.ibm.com || +1-520-799-2469 (T/L: 321-2469)</span></span></div></div></div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Dorigo Alvise (PSI)" <alvise.dorigo@psi.ch><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: "gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: [gpfsug-discuss] Question concerning integration of CES with AD authentication system<br>Date: Thu, May 24, 2018 1:45 AM<br> <br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;" >Dear members,<br>at PSI I'm trying to integrate the CES service with our AD authentication system.<br><br>My understanding, after talking to expert people here, is that I should use the RFC2307 model for ID mapping (described here: https://goo.gl/XvqHDH). The problem is that our ID schema is slightly different than that one described in RFC2307. In the RFC the relevant user identification fields are named "uidNumber" and "gidNumber". But in our AD database schema we have:<br><br># egrep 'uid_number|gid_number' /etc/sssd/sssd.conf<br>ldap_user_uid_number = msSFU30UidNumber<br>ldap_user_gid_number = msSFU30GidNumber<br>ldap_group_gid_number = msSFU30GidNumber<br><br>My question is: is it possible to configure CES to look for the custom field labels (those ones listed above) instead the default ones officially described in rfc2307 ?<br><br>many thanks.<br>Regards,<br><br> Alvise Dorigo</div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font></div></blockquote>
<div dir="ltr" > </div></div><BR>