On Fri, Jan 11, 2019 at 6:50 AM Sumit Bose <sb...@redhat.com> wrote: > On Wed, Jan 09, 2019 at 12:47:34PM -0500, vad...@gmail.com wrote: > > Looking for suggestion on ID mapping. > > > > I need to point to a ID provider over proxy > > > > I have not found a concrete solution or some hint about how to setup a > > proxy to a ID provider and how sssd can point to that proxy for ID > mapping. > > Can you rephrase your question? 'ID provider over proxy' should like you > want some more details about SSSD's proxy provider as described in the > sssd.conf man page. But this is unrelated to what I associate typically > with 'ID mapping'. Please give a bit more details about what you are > trying to achieve. > > I am looking for a ID mapping solution. I do see following providers.
“proxy”: Support a legacy NSS provider. “local”: SSSD internal provider for local users (DEPRECATED). “files”: FILES provider. See sssd-files(5) for more information on how to mirror local users and groups into SSSD. “ldap”: LDAP provider. See sssd-ldap(5) for more information on configuring LDAP. “ipa”: FreeIPA and Red Hat Enterprise Identity Management provider. See sssd-ipa(5) for more information on configuring FreeIPA. “ad”: Active Directory provider. See sssd-ad(5) for more information on configuring Active Directory. I am looking for a suggestion. ad - won't work as we will not be provided Administrator password ldap - won't work as IT says not to use LDAP and use kerberos instead for all things UNIX auth and to use /etc/passwd for id (yikes, we have 100s of servers to manage) files - I am not sure how to have a central files for all accounts local - seems deprecated proxy - I am not sure how to set that up, but seems like easier for a central ID provider? Please advise > bye, > Sumit > > > > > All my servers are CentOS 7. > > > > > > -- > > Asif Iqbal > > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > > A: Because it messes up the order in which people normally read text. > > Q: Why is top-posting such a bad thing? > > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org