Add rid idmapping (replacing existing idmap)

himmelblau-idm / himmelblau

Azure Entra ID Authentication, with PAM and NSS modules.

GNU General Public License v3.0

28 stars 5 forks source link

Add rid idmapping (replacing existing idmap) #102

Closed dmulder closed 4 months ago

dmulder commented 4 months ago

Fixes #

Checklist

[x] This pr contains no AI generated code
[x] cargo fmt has been run
[x] cargo clippy has been run
[ ] A functionality test has been added
[ ] make test has been run and passes

dmulder commented 4 months ago

This has the obvious problem of a higher likelihood of uid collisions. Unfortunately, the 'rid' of a generated SID isn't guaranteed to be unique, as in a on-prem domain.

dmulder commented 4 months ago

This has the obvious problem of a higher likelihood of uid collisions. Unfortunately, the 'rid' of a generated SID isn't guaranteed to be unique, as in a on-prem domain.

It's still an improvement over the current mapping attempt though. This will necessarily be a temporary solution, and is waiting on the Samba and SSSD communities to settle on a proper ID mapping standard.

dmulder commented 4 months ago

Otherwise, I tested this, and it appears to resolve the nss issues which were happening previously. It seems that the previous id mapping attempt was inconsistent in providing ids.