On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote: > Well, small things like sssd can not renew machine credentials /
As Jan said, this is being looked into. > sssd can not detect local site automatically in AD domain (no "DC > locator" implemented) / Can you provide more information here? We DO have support for automatic detection based on DNS SRV records. Does a "DC locator" use some other mechanism? > sssd can not detect/guess AD schema automatically I'm not sure what you mean by this? Do you mean you don't want to have to specify ldap_schema = rfc2307bis and have it instead auto-detected? That's trickier than it sounds. > / sssd won't configure the krb5 library for me. What features of the krb5 library do you mean? SSSD provides a locator plugin that manages several features of the krb5 library, including kinit and kpasswd. > Support for group policies & central management & auditing (Centrify > nicely fills the OperatingSystem attribute for me) would be also nice. > These are on our long-term roadmap. > Most of this is understandable as much of these requests are either > AD-specific (hard to blame sssd here) or a RFE is already opened for > such a functionality. > > Anyway, it is still a way better than the classic libnss_ldap.so. :-) That is certainly our goal :)
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users