[Freeipa-users] Question on AD to freeipa sync

Jan Zelený jzeleny at redhat.com
Tue Oct 4 13:55:24 UTC 2011


> On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote:
> > Well, small things like sssd can not renew machine credentials /
> 
> As Jan said, this is being looked into.
> 
> > sssd can not detect local site automatically in AD domain (no "DC
> > locator" implemented) /
> 
> Can you provide more information here? We DO have support for automatic
> detection based on DNS SRV records. Does a "DC locator" use some other
> mechanism?
> 
> > sssd can not detect/guess AD schema automatically
> 
> I'm not sure what you mean by this? Do you mean you don't want to have
> to specify ldap_schema = rfc2307bis and have it instead auto-detected?
> 
> That's trickier than it sounds.
> 
> > / sssd won't configure the krb5 library for me.
> 
> What features of the krb5 library do you mean? SSSD provides a locator
> plugin that manages several features of the krb5 library, including
> kinit and kpasswd.

Also, some more are already scheduled for the 1.8 release. See tickets 997-1001.

> > Support for group policies & central management & auditing (Centrify
> > nicely fills the OperatingSystem attribute for me) would be also nice.
> 
> These are on our long-term roadmap.
> 
> > Most of this is understandable as many of these requests are either
> > AD-specific (hard to blame sssd here) or an RFE is already opened for
> > such a functionality.
> > 
> > Anyway, it is still way better than the classic libnss_ldap.so. :-)
> 
> That is certainly our goal :)

-- 
Thank you
Jan Zeleny

Red Hat Software Engineer
Brno, Czech Republic