generating uidNumber/gidNumber for non ad setups

[BlackLotus]

We operate an openldap. I'm trying to configure sssd to be able to login to a server using it. Our server doesn't provide uidNumber/gidNumber

The documentation states that

    ldap_id_mapping (boolean) 
    Specifies that SSSD should attempt to map user and group IDs from the ldap_user_objectsid and ldap_group_objectsid attributes instead of relying on ldap_user_uid_number and ldap_group_gid_number.

    Currently this feature supports only ActiveDirectory objectSID mapping.

    Default: false 

Since we don't have an AD we can't use this feature. Is there any other way to do this?

[sumit-bose]

Hi,

currently this is not possible. But I'm currently extending the id-mapping code in the context of adding support of Identity Providers (IdP) like e.g. keycloak or Entra ID.

It might be possible to use those extensions for the LDAP provider as well but it was to wait until the IdP support is in a reasonable state.

bye,
Sumit

[dmitrydonskih]

Hi,
I am looking for a way to use SSSD with Keycloak realms. Is there any progress? How can I contribute?
UPD. Oh, I've found your repo in fedorainfracloud. I'll give it a good try.

[sumit-bose]

Hi, I am looking for a way to use SSSD with Keycloak realms. Is there any progress? How can I contribute? UPD. Oh, I've found your repo in fedorainfracloud. I'll give it a good try.

Hi,

thank you for testing, please do not hesitate to leave any kind of feedback here or on copr.

bye,
Sumit