> Well, small things like sssd can not renew machine credentials /

As Jan said, this is being looked into.

> sssd can not detect local site automatically in AD domain (no "DC
> locator" implemented) /

Can you provide more information here? We DO have support for automatic
detection based on DNS SRV records. Does a "DC locator" use some other

> sssd can not detect/guess AD schema automatically

I'm not sure what you mean by this? Do you mean you don't want to have
to specify ldap_schema = rfc2307bis and have it instead auto-detected?

That's trickier than it sounds.

> / sssd won't configure the krb5 library for me.

What features of the krb5 library do you mean? SSSD provides a locator
plugin that manages several features of the krb5 library, including
kinit and kpasswd.

> Support for group policies & central management & auditing (Centrify
> nicely fills the OperatingSystem attribute for me) would be also nice.

These are on our long-term roadmap.

> Most of this is understandable as many of these requests are either
> AD-specific (hard to blame sssd here) or an RFE is already opened for
> such a functionality.
> Anyway, it is still way better than the classic libnss_ldap.so. :-)

That is certainly our goal :)

