Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Ondrej Valousek
I have ~50 servers and yes, we are using Centrify now - and yes, it is pain in the ass (need to take care of the licenses). But I have found out recently that sssd can do much of the Centrify's duty (authorization authentication) - well, it is not so polished, but it seems to work well.

[Freeipa-users] Roadmap Update

2011-10-04 Thread Duncan . Innes
Hi, Is there any chance someone could do a quick update to the Roadmap? I can see from the devel mailing list that there's lots of work going on, but I'm not able to decipher a higher level direction in which things are going. An updated roadmap would help understand the direction of the

Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Stephen Gallagher
On Tue, 2011-10-04 at 09:32 +0200, Ondrej Valousek wrote: I have ~50 servers and yes, we are using Centrify now - and yes, it is pain in the ass (need to take care of the licenses). But I have found out recently that sssd can do much of the Centrify's duty (authorization authentication) -

Re: [Freeipa-users] ipa user/group-mod --setattr can't remove objectclass

2011-10-04 Thread Rob Crittenden
Stephen Ingram wrote: Rob- I think this works. I'm not totally sure because I keep getting strange schema violation errors. Perhaps it is the way each --setattr option is evaluated by the directory. I'm going to have to dig deeper to find out. setattr are evaluated first, so the setattr wipes

Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Ondrej Valousek
Well, small things like sssd can not renew machine credentials / sssd can not detect local site automatically in AD domain (no DC locator implemented) / sssd can not detect/guess AD schema automatically / sssd won't configure the krb5 library for me. Support for group policies central

Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Jan Zelený
Well, small things like sssd can not renew machine credentials Something like this is already registered as a bachelor's thesis and it should be done by the end of May. If you have any special requests or you want to know some details, write me a private email, I consult with the student on a

Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Stephen Gallagher
On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote: Well, small things like sssd can not renew machine credentials / As Jan said, this is being looked into. sssd can not detect local site automatically in AD domain (no DC locator implemented) / Can you provide more information here?

Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Jan Zelený
On Tue, 2011-10-04 at 14:53 +0200, Ondrej Valousek wrote: Well, small things like sssd can not renew machine credentials / As Jan said, this is being looked into. sssd can not detect local site automatically in AD domain (no DC locator implemented) / Can you provide more

Re: [Freeipa-users] Question on AD to freeipa sync

2011-10-04 Thread Simo Sorce
On Tue, 2011-10-04 at 09:43 -0400, Stephen Gallagher wrote: sssd can not detect local site automatically in AD domain (no DC locator implemented) / Can you provide more information here? We DO have support for automatic detection based on DNS SRV records. Does a DC locator use some other

Re: [Freeipa-users] Roadmap Update

2011-10-04 Thread Dmitri Pal
On 10/04/2011 06:23 PM, Dmitri Pal wrote: On 10/04/2011 06:42 AM, duncan.in...@virginmoney.com wrote: Hi, Is there any chance someone could do a quick update to the Roadmap? I can see from the devel mailing list that there's lots of work going on, but I'm not able to decipher a higher level