#1841 document what does access_provider=ad do
Closed: Fixed None Opened 8 years ago by jhrozek.

The sssd-ad manual page does not say what does the access_provider=ad mean and some users would then think it is krb5 access control. We should add that info.


Can you explain here what it is?

The access_provider=ad checks if the user is expired or not. Basically it would expand to:

access_provider=ldap
ldap_access_order = expire
ldap_account_expire_policy = ad

Fields changed

owner: somebody => jhrozek
patch: 0 => 1

For the record, that's only the current behavior of the AD access_provider. When I built it, I designed it to be a full access provider with the possibility of multiple stages (like the IPA access_provider). In the first pass, I only handled password policy, but the plan was to be able to also support eventually a GPO-based authorization check.

cc: => sgallagh

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta

This is proposed for RHEL6, too and I'd like to keep the RHEL6 code close to the sssd-1-9 branch, so I'll move the ticket to 1.9.5 upstream.

milestone: SSSD 1.10 beta => SSSD 1.9.5

resolution: => fixed
status: new => closed

Replying to [comment:4 sgallagh]:

For the record, that's only the current behavior of the AD access_provider. When I built it, I designed it to be a full access provider with the possibility of multiple stages (like the IPA access_provider). In the first pass, I only handled password policy, but the plan was to be able to also support eventually a GPO-based authorization check.

Right, when (hopefully not if) we get to extending the password policy, we'll have to amend the man page as well.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.9.5

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2883

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata