Issue #2825: Add algorithmic SIDs to local users and groups - freeipa

freeipa

#2825 Add algorithmic SIDs to local users and groups

Closed: Fixed None Opened 11 years ago by sbose.

Simo proposed the following scheme:

We define 2 ranges, 200k each, the first range has direct UIG/GID - base
-> SID + 1st range base translation. The second range includes SIDs
exclusively if a group conflicts with a User ID.
The only things SSSD needs to know are the ranges and their bases.

So if we have IPA ID range 1200000 - 1399999 we allocate 2 SID ranges in
our own domain: 1000 - 200999 and 201000 - 400999

a UID/GID of 1200123 -> S-<domain>-1123
a conflicintg GID of 1200456 -> S-<domain>-201456

SSSD only needs to know: ID-base: 1200000, range 200000, SID-std base:
1000, range 200000, SID-ext base: 201000, range 200000

mkosek commented 11 years ago

master: 65ad261

mkosek commented 10 years ago

Rename "trusts" component to "Trusts" to achieve correct sorting.

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2012/06

7 years ago

Metadata

Assignee

sbose

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0 Trust Effort - 2012/06

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

Trusts

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#2825 Add algorithmic SIDs to local users and groups Closed: Fixed None Opened 11 years ago by sbose.

Metadata

#2825 Add algorithmic SIDs to local users and groups

Closed: Fixed None Opened 11 years ago by sbose.