[Freeipa-users] sssd compatibility with older RHEL 6 minor releases.
Genadi Postrilko
genadipost at gmail.com
Mon Feb 2 21:35:44 UTC 2015
Thank you for your reply.
I think ill go with the first option, it about time to upgrade :).
Genadi.
2015-02-01 2:09 GMT+02:00 Dmitri Pal <dpal at redhat.com>:
> On 01/31/2015 01:37 PM, Genadi Postrilko wrote:
>
> Hello all.
>
> The environment i'm currently working to migrate under IPA identity
> management contains mostly RHEL 6.2 servers.
> I'm planing to use Active Directory Cross Forest Trust for Identities, IPA
> as sudo provider, and all the other goodies that IPA provides.
>
> If i want to enjoy all the new features (at least most of them), i know
> that clients have to be sssd version > 1.9. And if i want IPA to be auto
> configured as sudo provider it has to be sssd > 1.11.
>
> When reading the mailing list i noticed that sssd 1.11 is mentioned as
> feature of rhel 6.6.
> What i would like and understand is what could go wrong if i will install
> sssd 1.11 on rhel 6.2 servers.And what is is your general recommendations
> for older RHEL 6 (minor) releases?
>
>
> It will pull a lot of dependencies and most of your system will look like
> 6.6 system
> Also the upgrade like this might reveal some issues as the upgrades are
> expected to be gradual. 1-2 versions is ok but 4 is quit a big leap.
>
> Overall it is a bit risky to do it.
> You have three options:
> - upgrade properly but probably in two steps 6.2 -> 6.4 -> 6.6
> - use SSSD from 6.2 as is for now. It will have limited functionality but
> can leverage AD users from the trust. You would need to configure SSSD to
> use LDAP for authentication and point to compat tree of IPA to take
> advantage of the trust. See details here:
> http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf
> - take your chances and try a hybrid you propose but it is not a formally
> supported configuration.
>
>
> Thanks in advance,
> Genadi.
>
>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150202/c71d6c57/attachment.htm>
More information about the Freeipa-users
mailing list