Also, when upgrading, please make sure to upgrade to the 6.6.z version of SSSD
- there were couple important fixes. AFAIK, the version should be
On 02/02/2015 10:35 PM, Genadi Postrilko wrote:
> Thank you for your reply.
> I think ill go with the first option, it about time to upgrade :).
> 2015-02-01 2:09 GMT+02:00 Dmitri Pal <d...@redhat.com>:
>> On 01/31/2015 01:37 PM, Genadi Postrilko wrote:
>> Hello all.
>> The environment i'm currently working to migrate under IPA identity
>> management contains mostly RHEL 6.2 servers.
>> I'm planing to use Active Directory Cross Forest Trust for Identities, IPA
>> as sudo provider, and all the other goodies that IPA provides.
>> If i want to enjoy all the new features (at least most of them), i know
>> that clients have to be sssd version > 1.9. And if i want IPA to be auto
>> configured as sudo provider it has to be sssd > 1.11.
>> When reading the mailing list i noticed that sssd 1.11 is mentioned as
>> feature of rhel 6.6.
>> What i would like and understand is what could go wrong if i will install
>> sssd 1.11 on rhel 6.2 servers.And what is is your general recommendations
>> for older RHEL 6 (minor) releases?
>> It will pull a lot of dependencies and most of your system will look like
>> 6.6 system
>> Also the upgrade like this might reveal some issues as the upgrades are
>> expected to be gradual. 1-2 versions is ok but 4 is quit a big leap.
>> Overall it is a bit risky to do it.
>> You have three options:
>> - upgrade properly but probably in two steps 6.2 -> 6.4 -> 6.6
>> - use SSSD from 6.2 as is for now. It will have limited functionality but
>> can leverage AD users from the trust. You would need to configure SSSD to
>> use LDAP for authentication and point to compat tree of IPA to take
>> advantage of the trust. See details here:
>> - take your chances and try a hybrid you propose but it is not a formally
>> supported configuration.
>> Thanks in advance,
>> Thank you,
>> Dmitri Pal
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>> Manage your subscription for the Freeipa-users mailing list:
>> Go To http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project