[Freeipa-users] Question on AD to freeipa sync

Stephen Gallagher sgallagh at redhat.com
Tue Oct 4 13:43:07 UTC 2011


On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote:
> Well, small things like sssd can not renew machine credentials /

As Jan said, this is being looked into.

>  sssd can not detect local site automatically in AD domain (no "DC
> locator" implemented) /

Can you provide more information here? We DO have support for automatic
detection based on DNS SRV records. Does a "DC locator" use some other
mechanism?

> sssd can not detect/guess AD schema automatically

I'm not sure what you mean by this? Do you mean you don't want to have
to specify ldap_schema = rfc2307bis and have it instead auto-detected?

That's trickier than it sounds.

> / sssd won't configure the krb5 library for me.

What features of the krb5 library do you mean? SSSD provides a locator
plugin that manages several features of the krb5 library, including
kinit and kpasswd.

> Support for group policies & central management & auditing (Centrify
> nicely fills the OperatingSystem attribute for me) would be also nice.
> 

These are on our long-term roadmap.

> Most of this is understandable as many of these requests are either
> AD-specific (hard to blame sssd here) or an RFE is already opened for
> such a functionality.
> 
> Anyway, it is still way better than the classic libnss_ldap.so. :-) 

That is certainly our goal :)