On Thu, Feb 9, 2012 at 5:17 PM, Stephen Gallagher <[email protected]>wrote:
> On Wed, 2012-02-08 at 20:04 +0100, Marco Pizzoli wrote: > > Hi guys, > > I looked at the roadmap and I see the "AD integration feature" > > section. > > Please, could you explain to me what this intended to be? What is this > > more than the normal LDAP support? > > Also pointers to documentation already posted somewhere would possibly > > be of help... > > > Active Directory has several peculiarities that we need to address > directly. The first is that it uses a non-standard LDAP control to > handle retrieving values from an entry if there are more than a certain > number of such values. This makes it difficult to view all of the > members of a very large group. We need to support this "range > extension". > > The other issue is when dealing with Active Directory users when the > administrator has not or cannot add POSIX ID values to the users. In > this case, we need to map the Active Directory's 128-bit > universally-unique identifier (UUID) into a POSIX UID/GID. This is > called id-mapping. > > Some other features that we may support in the future include using DNS > "sites" to select the domain controller to contact. > Now it's clear. Thank you very much indeed! Marco
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
