On Wed, Aug 07, 2013 at 06:46:48PM +0000, Armstrong, Kenneth Lawrence wrote:
> I have a test environment set up where we have a trust between the IdM domain
> and the AD domain. When we go to log into an IdM client with an AD user, we
> have to use the format of:
> Is there a way to prepend the domain part so that we won't have to type that
> in every time?
I think that you're looking for the "default_domain_suffix" parameter.
>From man sssd.conf:
This string will be used as a default domain name for all names
without a domain name component. The main use case is environments
where the primary domain is intended for managing host policies
and all users are located in a trusted domain. The option allows
those users to log in just with their user name without giving a
domain name as well.
Please note that if this option is set all users from the primary
domain have to use their fully qualified name, e.g. u...@domain.name,
to log in.
Default: not set
The parameter should be set in the [sssd] section, not in the domain section.
Freeipa-users mailing list