[Freeipa-users] SSSD with LDAP not showing secondary groups
Jakub Hrozek
jhrozek at redhat.com
Fri Jul 22 14:24:32 UTC 2016
On Fri, Jul 22, 2016 at 03:04:01PM +0100, Peter Pakos wrote:
> Jakub Hrozek wrote:
>
> > I'm glad it works now, but why did you choose to use the LDAP back end
> > over the IPA back end? By using LDAP, you gain the ability to not enroll
> > clients with ipa-client-install, but you loose the ease of
> > manageability, HBAC, easy SUDO integration, not to mention you need to
> > put passwords into the config file..
> >
> > Well, we wanted a quick solution for migrating all our servers (a mixture
> of Centos, Debian, SLES, Ubuntu) from using SSSD with an old LDAP server to
> auth against FreeIPA. Since we have all our servers puppetized and using
> sudoers files, it was the best approach I could think of.
>
> Can you think of a better way of tackling this?
>
> Now that the dust settles down after the migration, we started enrolling
> infrastructure servers to FreeIPA using ipa-client-install.
Ah, sorry, if you are going through a migration, then it's understandable.
More information about the Freeipa-users
mailing list