[Freeipa-users] sssd uid mapping from an ad trust

[Alexander Bokovoy]

On Tue, 02 Dec 2014, Nicolas Zin wrote:
>Hi,
>
>the question of the day I should say. In a Redhat7/FreeIPA 3.3
>environment.  In an AD trust relationship, when I connect with an AD
>user to a IDM client, I append to login with a generated uid.
>
>Is there a way to provide a custom algorithm to map the uid from Active
>Directory info.  In our AD, users have a specific login name: composed
>of one character and a uniq number. We wonder if we can translate this
>uniq number into a uid.  I know : another solution the prefered way
>would be to use SFU (Service For Unix), but I wanted to ask before.  I
>guess I know the answer :-)
In FreeIPA 4.1 we introduced support for ID overrides for users coming
from Active Directory. This will hopefully be available in RHEL7.1.

With ID overrides (ID views) you can assign specific POSIX attributes
per each AD user, including but not limited to their UIDs and GIDs (and
user names, if needed).

http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust

You'd need an SSSD that understands ID views too, coming along with
updated IPA.

>PS: another question: is there a good tutorial to use freeIPA xml-rpc
>api (in python). I saw some code but not so much examples
>(https://github.com/encukou/freeipa/blob/master/doc/examples/python-api.py).
There are not so many examples yet. Best way to learn is to read the
code of ipalib/*/* components. ;)
-- 
/ Alexander Bokovoy