[Freeipa-users] hesitate to deploy freeipa
Jakub Hrozek
jhrozek at redhat.com
Thu Jun 25 18:46:58 UTC 2015
On Thu, Jun 25, 2015 at 12:30:24PM -0600, Rich Megginson wrote:
> On 06/25/2015 12:12 PM, Thomas Sailer wrote:
> >Am 25.06.2015 um 17:47 schrieb Simo Sorce:
> >
> >>Yes, the whole project is complex, but not because we like complexity,
> >>it is complex because the problem space is complex and we are bound to
> >>use existing protocols, which sometimes add in complexity, and we want
> >>to offer useful features to admins, so they can think about managing
> >>stuff and not about the plumbing all the time.
> >
> >Sure, the problem space is a lot more complex than say ls.
> >
> >But I think there is room for improvement, by making the individual tools
> >somewhat more resilient to unexpected behaviour in other components.
>
> +1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc.
>
> >
> >For example, if there's any nsuniqueid group present in a users entry,
> >login authentication via sssd breaks with a cryptic error message. It
> >would be nice, IMO, if it didn't break or if it at least issued a better
> >error message.
>
> Sure. For starters, there's https://fedorahosted.org/389/ticket/48161
On the SSSD side there's https://fedorahosted.org/sssd/ticket/2605 to
deal with this problem.
I'm genuinely interested in hearing how we can improve SSSD! Please file
tickets or start threads on sssd-users/sssd-devel!
More information about the Freeipa-users
mailing list