
Re: Linux AD Integration with consistent UID and GID

Scott Rouse <grim76@grim76.net> writes:

> I have been asked to integrate our Linux systems with our AD
> infrastructure.  I have been looking at some of the options that are
> available, but I am concerned about UID/GID mappings.  I would like to
> have the UIDs and GIDs be consistent across systems so NFS and other
> such animals work properly.

If extending your Active Directory schema to include the NIS schema and
provide UIDs and GIDs is an option, that's going to be the simplest on the
Linux side.  It's definitely possible; the question is whether your Active
Directory admins are willing to do and maintain the work.

You can then use nss-pam-ldapd to read the UID/GID mappings from AD.  (You
want the *d version, since it has a thin shim plugin and a daemon that
does good caching.  The non-*d version embeds the full LDAP libraries into
the process space of each application calling getpwnam() and friends,
which causes all sorts of interesting issues.)

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
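
An nslcd.conf sketch for the setup described in the reply above, where nss-pam-ldapd reads UIDs and GIDs from AD; this is an added example, not part of the original message. It assumes AD accounts carry the RFC 2307 attributes (uidNumber, gidNumber, unixHomeDirectory); every hostname, DN, password and file path is a placeholder.

```conf
# /etc/nslcd.conf (added example; all hosts, DNs and secrets are placeholders)
# Keep this file unreadable by ordinary users: it holds a bind password.

# Unprivileged account the nslcd daemon runs as.
uid nslcd
gid nslcd

# Domain controller and search base (placeholders).
uri ldap://dc1.ad.example.com/
base dc=ad,dc=example,dc=com

# Dedicated read-only service account, used only for lookups.
binddn cn=nslcd-reader,ou=Service Accounts,dc=ad,dc=example,dc=com
bindpw REPLACE_ME

# Require TLS and verify the domain controller's certificate, so that
# UID/GID answers cannot be altered in transit.
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ad-example-ca.pem

# Settings commonly needed against Active Directory.
pagesize 1000
referrals off

# Return only accounts that carry POSIX attributes. uidNumber and
# gidNumber are read under their default names, so every host resolves
# the same numeric IDs from the directory.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid           sAMAccountName
map    passwd homeDirectory unixHomeDirectory
map    passwd gecos         displayName

# Return only groups that have a gidNumber assigned.
filter group  (&(objectClass=group)(gidNumber=*))
```

For lookups to reach nslcd, the passwd and group lines in /etc/nsswitch.conf also need the ldap source, for example "passwd: files ldap".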
