SSSD / sssd

A daemon to manage identity, authentication and authorization for centrally-managed systems.
https://sssd.io
GNU General Public License v3.0

generating uidNumber/gidNumber for non ad setups #7541

Open BlackLotus opened 2 months ago

BlackLotus commented 2 months ago

We operate an OpenLDAP. I'm trying to configure sssd to be able to log in to a server using it. Our server doesn't provide uidNumber/gidNumber.

The documentation states that

    ldap_id_mapping (boolean) 
    Specifies that SSSD should attempt to map user and group IDs from the ldap_user_objectsid and ldap_group_objectsid attributes instead of relying on ldap_user_uid_number and ldap_group_gid_number.

    Currently this feature supports only ActiveDirectory objectSID mapping.

    Default: false 

Since we don't have an AD we can't use this feature. Is there any other way to do this?

sumit-bose commented 2 months ago

Hi,

currently this is not possible. But I'm currently extending the id-mapping code in the context of adding support of Identity Providers (IdP) like e.g. keycloak or Entra ID.

It might be possible to use those extensions for the LDAP provider as well but it has to wait until the IdP support is in a reasonable state.

bye, Sumit

dmitrydonskih commented 2 weeks ago

Hi, I am looking for a way to use SSSD with Keycloak realms. Is there any progress? How can I contribute? UPD. Oh, I've found your repo in fedorainfracloud. I'll give it a good try.

sumit-bose commented 2 weeks ago

    Hi, I am looking for a way to use SSSD with Keycloak realms. Is there any progress? How can I contribute? UPD. Oh, I've found your repo in fedorainfracloud. I'll give it a good try.

Hi,

thank you for testing, please do not hesitate to leave any kind of feedback here or on copr.

bye, Sumit