Re: Map subjectSid to higher number

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Map subjectSid to higher number
Date: Sun, 06 Oct 2019 13:01:26 +0200

On Wed, 2019-10-02 at 15:01 +0300, Max Mustermann wrote:
> AD Users could have SubjectSid in lower range 1000-3000, which may
> cause a conflict with local users.
> Is there a way to map these values to higher numbers? So for instance
> if the mapped SubjectSid for uidNumber
> and gidNumber is 1008 could it be mapped to something like 101008,
> just to avoid conflicts if the uidNumber is already taken?

You should be able to use nss_uid_offset option to change values found
in the directory to local values. This should also work correctly in
combination with the objectSid mapping.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

Map subjectSid to higher number, Max Mustermann
- Re: Map subjectSid to higher number, Arthur de Jong

Prev by Date: Map subjectSid to higher number
Next by Date: Re[2]: Map subjectSid to higher number
Previous by thread: Map subjectSid to higher number
Next by thread: Re[2]: Map subjectSid to higher number