[Freeipa-users] domain trust linux to AD server not finding user profiles

Loris Santamaria loris at lgs.com.ve
Wed Oct 8 13:22:34 UTC 2014

El mar, 07-10-2014 a las 20:01 -0400, Dmitri Pal escribió:

> The users and related information are not fetched until you
> authenticate as this user.
> The ability to fetch users and groups that are not yet authenticated
> is tracked by the ticket https://fedorahosted.org/sssd/ticket/2159 and
> will be addressed in the next version of SSSD.
> How frequently do you really need to lookup unauthenticated AD users
> and AD groups on linux systems? What is the use case?
> The ticket above is for the cases when there is an application that
> needs to fetch the user so that admin of the application can assign
> privileges to this user. But this is a pretty corner case.

It is a pretty common request when you configure a proxy server with
authentication. You get the user's ticket but the user is not logged in
on the system, so normal group membership via sssd won't work.

Best regards

Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford

More information about the Freeipa-users mailing list