[Freeipa-users] sssd shows deleted users as well
Jakub Hrozek
jhrozek at redhat.com
Fri Jul 22 13:24:36 UTC 2016
On Fri, Jul 22, 2016 at 06:17:32PM +0530, Rakesh Rajasekharan wrote:
> My specific requirement for having "enumerate=TRUE" was , we have a build
> server with the jenkins set up.
> And for authentication jenkins tries to get the localusers on the system.
I'm not sure what you mean by localusers, but does Jenkins really use
some sort of interface that lists all users through the system
interface? IIRC Jenkins is written in Java, so I would expect some
native Java connector instead..
>
> I should be able to get through that by configuring Jenkins to use LDAP
> instead of the local users.
>
> But are there any other reasons for recommending against "enumerate=TRUE",
> i recall reading somewhere as well not to use this specific setting.
- performance
- in general (because it's not the default and few people use
enumeration), less tested than the defaul
- idviews don't work
- trusted AD users can't be enumerated at all
More information about the Freeipa-users
mailing list