We currently have Open LDAP servers setup as translucent LDAP servers. We use them to overlay additional information on Active Directory accounts to facilitate Linux logons etc. (we do not have any access to the Active Directory environment). Essentially we create LDAP groups and add the users from the upstream Active Directory Domain to these groups.
On the LDAP server we do the following:
Create Groups
Add AD domain users to the created groups
Add attributes; IE Home Dir, UID, GUID, default shell etc to users
Create local accounts
My question is this; can this be accomplished with UCS and if so how?