#1962 [RFE] Integrate AD provider lookup code into IPA subdomain user lookup
Closed: Fixed None Opened 5 years ago by sbose.

If the ipa_server_mode is selected IPA subdomain user and group lookups should not be done with the help of the extdom plugin but directly against AD with the help of LDAP of GC lookups. For this the IPA provider must be able to call the related functions from the AD provider. Since by default the POSIX attributes are not replicated to the global catalog and supporting them is a requirement, I think it would be sufficient make sure LDAP lookups are working as expected. Additionally FreeIPA currently supports only one trusted domain global catalog lookups for users and groups from the forest or different forests can be added later.

Since the Kerberos hosts keys from the host keytab should be used as credentials to access AD no changes are expected here.

Fields changed

owner: somebody => jhrozek
status: new => assigned

A sub ticket of the 1.11 feature.

rhbz: => 0

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

  • additional fix in master: caee982

_comment0: * master: caee982 => 1377704762344504

Metadata Update from @sbose:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11 beta

2 years ago

Login to comment on this ticket.