According to RFC6806 a KDC can return a client referral if it cannot handle an enterprise principal itself but knows a KDC which might be able to handle it. For IPA this might be the case in an environment with trusts.
If the IPA KDC receives an AS-REQ with an enterprise principal from a trusted realm it should return a client referral.
Merge KDC LDAP components to one.
Duplicates: #3983 and #4174.
This feature may be required/useful for the cases when FreeIPA user logs in to AD - i.e. related to #3125.
We reviewed this ticket together with Dmitri and Simo and decided to postpone it as we do not have enough resources to finish it within 4.0 time frame.
No time to finish before 4.2 GA, moving to later release.
I talked to Alexander, we decided to treat this one as a bug, rather than enhancement.
FreeIPA 4.2.1 was released, moving to 4.2.2.
Metadata Update from @sbose:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 4.2.2
to comment on this ticket.