> On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote: > > Well, small things like sssd can not renew machine credentials / > > As Jan said, this is being looked into. > > > sssd can not detect local site automatically in AD domain (no "DC > > > > locator" implemented) / > > Can you provide more information here? We DO have support for automatic > detection based on DNS SRV records. Does a "DC locator" use some other > mechanism? > > > sssd can not detect/guess AD schema automatically > > I'm not sure what you mean by this? Do you mean you don't want to have > to specify ldap_schema = rfc2307bis and have it instead auto-detected? > > That's trickier than it sounds. > > > / sssd won't configure the krb5 library for me. > > What features of the krb5 library do you mean? SSSD provides a locator > plugin that manages several features of the krb5 library, including > kinit and kpasswd.
Also some more are already scheduled for 1.8 release. See tickets 997-1001 > > Support for group policies & central management & auditing (Centrify > > nicely fills the OperatingSystem attribute for me) would be also nice. > > These are on our long-term roadmap. > > > Most of this is understandable as much of these requests are either > > AD-specific (hard to blame sssd here) or a RFE is already opened for > > such a functionality. > > > > Anyway, it is still a way better than the classic libnss_ldap.so. :-) > > That is certainly our goal :) -- Thank you Jan Zeleny Red Hat Software Engineer Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
