WAD groups discovered by SSSD and imported in the stx platform
need to have Linux IDs so that WAD users in these groups can perform
privileged operations according to the group permissions.
An example would be the "sys_protected" group. In order to be able to
allow the WAD "sys_protected" user to execute privileged operations
with the stx platform applications, the same way as a native stx
platform user would do, the "sys_protected" group needs to be assigned
the GID number "345" when discovered with SSSD.
This commit is configuring SSSD to achieve that because by default the
the WAD users/groups are mapped to Linux users/groups on stx platform
using Windows Security Identifiers (SIDs).
On the WAD server, the "sys_protected" WAD group's Posix schema
attribute "gidNumber" would have been populated already as "345",
before the SSSD connects to WAD server. Similarly, the WAD user's
"uidNumber" attribute needs to be populated in the WAD server.
This commit also optimizes the SSSD sudo rules search.
Test Plan:
PASS: Successful install in AIO-SX system configuration.
PASS: The Linux uid and gid configuration for users and groups
respectively is configured correctly in sssd.conf.
PASS: SSSD service is successfully started.
PASS: Verify SSSD caches WAD users and groups and they have
the Linux IDs set correctly.
PASS: Verify remote ssh connection for discovered WAD ldap users.
PASS: Verify WAD users in "sys_protected" WAD group can perform
privileged operations like "source /etc/platform/openrc".
PASS: SSSD sudo rules search works as expected and the sudo rules
are discovered.
Story: 2010589
Task: 48010
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: I452b1097c607cd270bd56f03f7eba0d1f21f325c
e356cbbefb