[Freeipa-users] SSSD with LDAP not showing secondary groups
Peter Pakos
peter at pakos.uk
Fri Jul 22 14:04:01 UTC 2016
Jakub Hrozek wrote:
> I'm glad it works now, but why did you choose to use the LDAP back end
> over the IPA back end? By using LDAP, you gain the ability to not enroll
> clients with ipa-client-install, but you loose the ease of
> manageability, HBAC, easy SUDO integration, not to mention you need to
> put passwords into the config file..
>
> Well, we wanted a quick solution for migrating all our servers (a mixture
of Centos, Debian, SLES, Ubuntu) from using SSSD with an old LDAP server to
auth against FreeIPA. Since we have all our servers puppetized and using
sudoers files, it was the best approach I could think of.
Can you think of a better way of tackling this?
Now that the dust settles down after the migration, we started enrolling
infrastructure servers to FreeIPA using ipa-client-install.
--
Kind regards,
Peter Pakos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160722/be0aa6b0/attachment.htm>
More information about the Freeipa-users
mailing list