On Fri, Aug 30, 2013 at 03:54:54PM +0200, Michał Dwużnik wrote:
> Ok, I somehow assumed certs are very much needed for ldaps...

Well, for most operations the SSSD uses GSSAPI authentication. Only when
passwords are migrated, we do an LDAP bind with StartTLS.

> In the meantime, I set up a debian wheezy machine to try the freeipa-client
> from debs.
> I managed to get working ipa-client (with a few quirks...- default nss
> database needed to be created) with packages from
> deb http://apt.numeezy.fr wheezy main
> deb-src http://apt.numeezy.fr wheezy main.
> So now I have a ready set of debian-like configs for wheezy, making it work
> with squeeze seems easier now (it comes with learning, too...)
> I must admit ipa-client debug option is lovely as a step-by-step guide for
> trying by hand :>
> Going back to thinking whether to try getting ipa on squeeze or getting the
> legacy software working with squeeze...
> (some of the scientists seem to be the happiest if the system is totally
> unchanged for some 20 years...).
> Regards
> Michal
> PS:I do see hope for rooting out the last instance of NIS on the campus :>

Terminate it with extreme prejudice :-)

Freeipa-users mailing list

Reply via email to