Learn more about these different git repos.
Other Git URLs
Assume the setup when there is an AD as authoritative source of the identities and there is an IPA integrated via trust feature. SSSD is enrolled with IPA domain.
In the current implementation of the trusts any user from a trusted domain has to provide a FQ name when logging via SSSD. It is the way how the trusted domains work in Windows.
However realistically in most cases:
- Users that have access to Linux systems will come from a single AD domain
- The IdM domain would not have users (other than admin)
- The company policy requires users to authenticate against AD
For such case (which is expected to be a majority use case) the sssd should have an option to provide the automatic domain expansion for the users with the short name. Without such option the users from trusted AD domains would have to type FQ name every single time when they log in. This is a big burden and would be a barrier for adoption of the IPA trust solution.
default_domain_suffix = foo
If this setting is present SSSD would append @foo for any user who tries to log in with a short name first before assuming that it is a user from the first domain that is configured.
The option can alternatively be introduced in the ipa domain config section if such approach is more logical than a global setting.
milestone: NEEDS_TRIAGE => SSSD 1.9.1
rhbz: => 0
owner: somebody => sbose
status: new => assigned
patch: 0 => 1
resolution: => fixed
status: assigned => closed
Metadata Update from @dpal:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.9.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.