Learn more about these different git repos.
Other Git URLs
Currently, SSSD/AD documentation is basically at:
However, those define some options differently and also do not follow developers' suggestions made elsewhere, e.g., in Bugzilla.
I think it would be helpful to get the story straight in the SSSD wiki page, those instructions can be then propagated further to other guide, like Fedora/RHEL Deployment Guide.
I'll follow up with detailed list of issues and open items.
Open issues with the Wiki guide:
it suggests allowing anonymous bind, this is usually not possible in enterprise environment (so the example configuration should be amended with the needed options to allow non-anonymous bind)
auth_provider different from Fedora Deployment Guide, is ldap or krb5 correct?
chpass_provider is ldap, is it more suitable than krb5?
it suggests adding Identity Management for Unix Role Service but doesn't use posixAccount as is suggested in https://bugzilla.redhat.com/show_bug.cgi?id=683158#c5
offline_credentials_expiration = 1 is unrelated
service autodiscovery should be preferred instead of using krb5_kdcip / krb5_realm
there are no /etc/pam.d/common-* files on Fedora/RHEL
In general, it should be spelled out clearly what changes are needed on AD side (compared to, e.g., 2008R2 defaults) so that users can be sure that their issues can be solved just by adjusting krb5.conf/sssd.conf on the client side.
cc: => elladeon
milestone: NEEDS_TRIAGE => SSSD 1.5.14
owner: somebody => sgallagh
We need to highlight the fact that AD is not fully supported and list the limitations we have against AD.
I've made some updates, the remaining issues include at least:
auth_provider / chpass_provider should be checked
need for / use of posixAccount
reviewing ldap_user_ / ldap_group_ options
milestone: SSSD 1.5.14 => SSSD 1.7.0
I've updated the SSSD/AD wiki page recently and think that the guide is now comprehensive.
I'll let you to review and fine tune the guide and close this ticket.
We have a wiki page now.
resolution: => fixed
status: new => closed
rhbz: => 0
Metadata Update from @myllynen:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.7.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.