[Freeipa-users] IMPORTANT: Your input requested: SSSD LDAP Provider vs Winbind
Stephen Gallagher
sgallagh at redhat.com
Fri Dec 2 15:06:43 UTC 2011
On Fri, 2011-12-02 at 15:59 +0100, Ondrej Valousek wrote:
> Small update so I am not only throwing dirt on winbind:
>
> Winbind has still its use if you can not use / do not have RFC2307
> attributes in AD.
> So simply, if you want to use RFC2307 attributes, sssd is here for
> you. If not, go for winbind. But yet I would not bother about winbind
> plugin for sssd as it does not make too much sense - that's why we
> have Glibc and its /etc/nsswitch.conf!
Well, just to make one point, there are a few advantages to the winbind
backend over pure winbind:
1) SSSD caching instead of nscd
2) Support for multiple AD domains without trust
3) One-to-one mapping of identity domain to authentication domain (so
you're not exposing your password to multiple authentication domains
until you find the right one, as with traditional PAM).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111202/b85094e0/attachment.sig>
More information about the Freeipa-users
mailing list