Learn more about these different git repos.
Other Git URLs
If the ipa_server_mode is selected IPA subdomain user and group lookups should not be done with the help of the extdom plugin but directly against AD with the help of LDAP of GC lookups. For this the IPA provider must be able to call the related functions from the AD provider. Since by default the POSIX attributes are not replicated to the global catalog and supporting them is a requirement, I think it would be sufficient make sure LDAP lookups are working as expected. Additionally FreeIPA currently supports only one trusted domain global catalog lookups for users and groups from the forest or different forests can be added later.
Since the Kerberos hosts keys from the host keytab should be used as credentials to access AD no changes are expected here.
owner: somebody => jhrozek
status: new => assigned
A sub ticket of the 1.11 feature.
rhbz: => 0
patch: 0 => 1
resolution: => fixed
status: assigned => closed
_comment0: * master: caee982 => 1377704762344504
Metadata Update from @sbose:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11 beta
to comment on this ticket.