
Re: a new library for ID mapping


On Thu, 2012-02-09 at 17:47 +0100, Jakub Hrozek wrote:
> a new library to map Active Directory SIDs onto UNIX IDs was submitted to
> the sssd-devel upstream mailing list today[1]. Currently we plan on using
> it on both the server side (FreeIPA) and the client side (SSSD).
> We were wondering if using this library would be beneficial to nss-pam-ldapd
> especially in environments where some clients would run SSSD and some
> would run nss-pam-ldap?
> Would you accept a patch that would (perhaps based on configure flags)
> enable using this library for ID mapping in nss-pam-ldapd?

I've had a quick look and it looks interesting.

The nss-pam-ldapd 0.8 series already has some support for using the
objectSid attribute for extracting the uidNumber (and gidNumber)
attribute from.

The basics of the implementation can be found here:

The only difficulty we ran into was that extracting binary attributes
from search results doesn't work well with ldap_get_values():

Do you know what the main differences are? (I still haven't looked too
deeply into sssd internals)


-- arthur - - --
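
The binary-attribute problem mentioned in the message above, as an added example that is not part of the original message and is not nss-pam-ldapd or SSSD code: a binary objectSid contains 0x00 bytes, so a NUL-terminated string view of it is cut short, while a length-delimited value (as `ldap_get_values_len()` returns in a `struct berval`) can be parsed in full. The function names and the sample SID are constructed for illustration, and taking the last sub-authority (RID) as the numeric ID is an assumption here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not from a real directory): binary S-1-5-21-1-2-3-1105 */
static const unsigned char sample_sid[] = {
    0x01, 0x05,                          /* revision, sub-authority count */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x05,  /* identifier authority, big-endian */
    0x15, 0, 0, 0,  0x01, 0, 0, 0,  0x02, 0, 0, 0,  0x03, 0, 0, 0,
    0x51, 0x04, 0x00, 0x00               /* last sub-authority (RID) 1105 */
};

/* Bytes a NUL-terminated string API would see: stops at the first 0x00. */
size_t cstring_view_len(const unsigned char *buf, size_t len)
{
    const unsigned char *z = memchr(buf, 0, len);
    return z ? (size_t)(z - buf) : len;
}

/* Sub-authorities are stored as 32-bit little-endian values. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a length-delimited binary SID (8-byte header plus 1..15 four-byte
 * sub-authorities, length must match exactly). Writes "S-1-..." to out and
 * the RID to *rid. Returns 0 on success, -1 on malformed input or small out. */
int sid_parse(const unsigned char *sid, size_t len, char *out, size_t outlen, uint32_t *rid)
{
    unsigned long long auth = 0;
    int i, n;
    if (len < 12 || sid[0] != 1 || sid[1] < 1 || sid[1] > 15 || len != 8 + 4 * (size_t)sid[1])
        return -1;
    for (i = 2; i < 8; i++) auth = auth << 8 | sid[i];
    n = snprintf(out, outlen, "S-1-%llu", auth);
    for (i = 0; i < sid[1] && n >= 0 && (size_t)n < outlen; i++)
        n += snprintf(out + n, outlen - n, "-%lu", (unsigned long)le32(sid + 8 + 4 * i));
    if (n < 0 || (size_t)n >= outlen) return -1;
    *rid = le32(sid + len - 4);
    return 0;
}

int main(void)
{
    char s[64];
    uint32_t rid = 0;
    if (sid_parse(sample_sid, sizeof sample_sid, s, sizeof s, &rid) == 0)
        printf("%s rid=%lu; as a C string only %zu of %zu bytes survive\n", s,
               (unsigned long)rid, cstring_view_len(sample_sid, sizeof sample_sid), sizeof sample_sid);
    return 0;
}
```

The strict length check matters because the value comes from the directory server: a sub-authority count that disagrees with the value length is rejected instead of being read past the buffer.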