#3672 Add support for PADL pam_ldap/nss_ldap configurations to ipa-advise
Closed: Fixed None Opened 9 years ago by abbra.

Create configuration module for ipa-client-advise that will generate a scriptlet with recommendations to create multiple configurations for PADL pam_ldap/nss_ldap which do not support IPA cross-realm trusts with AD directly.

The scriptlet should suggest creating multiple configuration files for pam_ldap, configuring two instances of pam_ldap in PAM stack (with different configs) and and multiple search bases for nss_ldap: one for IPA itself, one for AD compatibility tree.

The configuration details are gathered in the following feature description: ​http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts#Major_configuration_options_and_enablement

Use name consistent with ipa-client-install, ipa-client-automount.

Moving open tickets to next month bucket.

6e28e70 Add new command compat-is-enabled[[BR]]
efe5a96 Enable running API commands in ipa-advise plugins[[BR]]
fc3f3c9 Add ipa-advise plugins for legacy clients[[BR]]

The last changeset only adds support for old SSSD clients, not pam_ldap. Reopening to amend with pam_ldap/nss_ldap support which is required for older FreeBSD and other GNU/Linux distributions.

This is needed for 3.3.x functionality (and tests). Pushed to ipa-3-3

ipa-3-3: f3aa3c4

Metadata Update from @abbra:
- Issue assigned to akrivoka
- Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)

5 years ago

Login to comment on this ticket.