Background: Our org has used NIS for 20+ years for UNIX/Linux authentication, continuing thru the present time. Windows and Active Directory came on the scene in our org sometime around 16 years ago, but AD was never used for Linux auth (only using RHEL/CentOS and Ubuntu Linux now, all other *nix has fallen by the wayside.) So, on all of our many Linux resources, we are still using traditional UID/GID ranges for users' files.
Now, management has finally dictated that we need to move to AD for Linux auth, and stop using NIS (no real argument there ;) and so we are working on utilizing SSSD to do this (which seems to be the popular [only?] way to integrate Linux auth against AD.) The issue we are facing is how to associate the old NIS-based UID and GID values for the users to their new AD-based identity. For instance, my AD-auth'd user on a test system has this from getent passwd -s sss wdennis:
root@vm01:~# getent passwd -s sss wdennis
wdennis:*:140001116:140000513:Will Dennis:/home/wdennis:/bin/bash
So obviously the UID/GID is auto-generated, and does not correspond with our current NIS values. In doing some research on AD and its schema, I see that the user attributes include the following:
uidNumbergidNumberunixHomeDirectoryloginShell
My question, can SSSD (or whatever we use to auth) somehow consume the values of uidNumber and gidNumber to map the existing UID/GID of files to the new AD-auth'd user? Or, how else can we associate the existing file ownership info to the AD-auth'd users? (Due to the number of files and machines having them, it's not really possible to chown the files to the new UID/GID vales...)
