Thank you for your reply. I think ill go with the first option, it about time to upgrade :).
Genadi. 2015-02-01 2:09 GMT+02:00 Dmitri Pal <d...@redhat.com>: > On 01/31/2015 01:37 PM, Genadi Postrilko wrote: > > Hello all. > > The environment i'm currently working to migrate under IPA identity > management contains mostly RHEL 6.2 servers. > I'm planing to use Active Directory Cross Forest Trust for Identities, IPA > as sudo provider, and all the other goodies that IPA provides. > > If i want to enjoy all the new features (at least most of them), i know > that clients have to be sssd version > 1.9. And if i want IPA to be auto > configured as sudo provider it has to be sssd > 1.11. > > When reading the mailing list i noticed that sssd 1.11 is mentioned as > feature of rhel 6.6. > What i would like and understand is what could go wrong if i will install > sssd 1.11 on rhel 6.2 servers.And what is is your general recommendations > for older RHEL 6 (minor) releases? > > > It will pull a lot of dependencies and most of your system will look like > 6.6 system > Also the upgrade like this might reveal some issues as the upgrades are > expected to be gradual. 1-2 versions is ok but 4 is quit a big leap. > > Overall it is a bit risky to do it. > You have three options: > - upgrade properly but probably in two steps 6.2 -> 6.4 -> 6.6 > - use SSSD from 6.2 as is for now. It will have limited functionality but > can leverage AD users from the trust. You would need to configure SSSD to > use LDAP for authentication and point to compat tree of IPA to take > advantage of the trust. See details here: > http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf > - take your chances and try a hybrid you propose but it is not a formally > supported configuration. > > > Thanks in advance, > Genadi. > > > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project