> On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote:
> > Well, small things like sssd can not renew machine credentials /
> 
> As Jan said, this is being looked into.
> 
> >  sssd can not detect local site automatically in AD domain (no "DC
> > 
> > locator" implemented) /
> 
> Can you provide more information here? We DO have support for automatic
> detection based on DNS SRV records. Does a "DC locator" use some other
> mechanism?
> 
> > sssd can not detect/guess AD schema automatically
> 
> I'm not sure what you mean by this? Do you mean you don't want to have
> to specify ldap_schema = rfc2307bis and have it instead auto-detected?
> 
> That's trickier than it sounds.
> 
> > / sssd won't configure the krb5 library for me.
> 
> What features of the krb5 library do you mean? SSSD provides a locator
> plugin that manages several features of the krb5 library, including
> kinit and kpasswd.

Also some more are already scheduled for 1.8 release. See tickets 997-1001

> > Support for group policies & central management & auditing (Centrify
> > nicely fills the OperatingSystem attribute for me) would be also nice.
> 
> These are on our long-term roadmap.
> 
> > Most of this is understandable as much of these requests are either
> > AD-specific (hard to blame sssd here) or a RFE is already opened for
> > such a functionality.
> > 
> > Anyway, it is still a way better than the classic libnss_ldap.so. :-)
> 
> That is certainly our goal :)

-- 
Thank you
Jan Zeleny

Red Hat Software Engineer
Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to