On Fri, Jan 11, 2019 at 6:50 AM Sumit Bose <sb...@redhat.com> wrote:
> On Wed, Jan 09, 2019 at 12:47:34PM -0500, vad...@gmail.com wrote:
> > Looking for suggestion on ID mapping.
> >
> > I need to point to a ID provider over proxy
> >
> > I have not found a concrete solution or some hint about how to setup a
> > proxy to a ID provider and how sssd can point to that proxy for ID
> mapping.
>
> Can you rephrase your question? 'ID provider over proxy' should like you
> want some more details about SSSD's proxy provider as described in the
> sssd.conf man page. But this is unrelated to what I associate typically
> with 'ID mapping'. Please give a bit more details about what you are
> trying to achieve.
>
>
I am looking for a ID mapping solution. I do see following providers.
“proxy”: Support a legacy NSS provider.
“local”: SSSD internal provider for local users (DEPRECATED).
“files”: FILES provider. See sssd-files(5) for more information
on how to mirror local users and groups into SSSD.
“ldap”: LDAP provider. See sssd-ldap(5) for more information on
configuring LDAP.
“ipa”: FreeIPA and Red Hat Enterprise Identity Management
provider. See sssd-ipa(5) for more information on
configuring FreeIPA.
“ad”: Active Directory provider. See sssd-ad(5) for more
information on configuring Active Directory.
I am looking for a suggestion.
ad - won't work as we will not be provided Administrator password
ldap - won't work as IT says not to use LDAP and use kerberos
instead for all things UNIX auth
and to use /etc/passwd for id (yikes, we have 100s of
servers to manage)
files - I am not sure how to have a central files for all
accounts
local - seems deprecated
proxy - I am not sure how to set that up, but seems like easier
for a central ID provider?
Please advise
> bye,
> Sumit
>
> >
> > All my servers are CentOS 7.
> >
> >
> > --
> > Asif Iqbal
> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
>
> > _______________________________________________
> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
