[Freeipa-users] domain trust linux to AD server not finding user profiles
Loris Santamaria
loris at lgs.com.ve
Wed Oct 8 13:22:34 UTC 2014
El mar, 07-10-2014 a las 20:01 -0400, Dmitri Pal escribió:
>
> The users and related information are not fetched until you
> authenticate as this user.
> The ability to fetch users and groups that are not yet authenticated
> is tracked by the ticket https://fedorahosted.org/sssd/ticket/2159 and
> will be addressed in the next version of SSSD.
> How frequently do you really need to lookup unauthenticated AD users
> and AD groups on linux systems? What is the use case?
>
> The ticket above is for the cases when there is an application that
> needs to fetch the user so that admin of the application can assign
> privileges to this user. But this is a pretty corner case.
It is a pretty common request when you configure a proxy server with
authentication. You get the user's ticket but the user is not logged in
on the system, so normal group membership via sssd won't work.
Best regards
--
Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve
Links Global Services, C.A. http://www.lgs.com.ve
Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
More information about the Freeipa-users
mailing list