On Wed, 2012-03-14 at 10:42 +0100, Jan Zelený wrote:
> > On Tue, 2012-03-13 at 16:21 +0100, Jan Zelený wrote:
> > > > Fixes https://fedorahosted.org/sssd/ticket/1031
> > > > 
> > > > This patch creates a set of schema defaults that corresponds to Active
> > > > Directory 2008r2. It can be set up simply by specifying
> > > > ldap_schema = AD
> > > > 
> > > > Operationally, it behaves like any other RFC2307bis server at this
> > > > time. This patch does not remove the requirement for SFU/SUA support
> > > > in Active Directory. More enhancements will follow to add support for
> > > > AD-specific features.
> > > 
> > > I have a couple of questions/notes based on observation of values on my
> > > testing AD instance:
> > > 
> > > Attribute gecos is apparently not filled by default, wouldn't it be
> > > better to use cn?
> > 
> > This is actually the same behavior as on other LDAP servers. The
> > expectation is that the GECOS field should be used if it's not empty,
> > otherwise it should default to the user's full name. In the SSSD, we
> > first check for the 'gecos' attribute and then go to ldap_user_fullname
> > (which in the case of RFC 2307 would be "cn", but in AD is "name").
> > 
> > > I didn't find attribute authorizedService in the AD attribute
> > > specification, is it correct?
> > 
> > Hmm, I was actually inconsistent here. I was leaving this in for the
> > rare case where an AD admin decided to extend schema to support this.
> > However, I made the opposite decision about ldap_user_authorized_host.
> > 
> > Probably it's acceptable to set this to NULL and rely on the admin to
> > change it if they end up extending the schema. Fixed in attached patch.
> 
> Ack


Pushed to master.
