[OpenIndiana-discuss] Code Bounty (Active Directory Integration)
Gordon Ross
gordon.w.ross at gmail.com
Mon Aug 20 22:15:33 UTC 2012
On Fri, Aug 17, 2012 at 4:55 AM, James Relph <james at themacplace.co.uk> wrote:
> Hi Gordon,
>
>
> Apologies, missed this the other day.
>
> My advice would be to make it easier to use IDMU. The modifications
> to AD to support IDMU are quite widely accepted these days, at least
> in organizations that have both Windows and *nix.
>
>
> The problem is that some of the organisations we're used to integrating Mac clients with (tend to be FTSE companies) often are pretty much straight Windows shops, so anything that deviates from their standard is *really* hard to get through change control (especially now where we've been deploying Macs for years that "just work" with AD (to a fairly decent extent)).
>
If you're bringing an illumos based system into "straight Windows
shops" (Windows only), why set up any idmap rules at all? Just let it
use ephemeral IDs. The Windows clients will see SIDs, and all is
well.
The main reason for doing anything more complex with idmap is so that
NFS and/or local applications see "normal" looking UIDs and GIDs.
In an all-Windows environment, you don't care about that.
--
Gordon Ross <gwr at nexenta.com>
Nexenta Systems, Inc. www.nexenta.com
Enterprise class storage for everyone