> On Tue, 2012-03-13 at 16:21 +0100, Jan Zelený wrote:
> > > Fixes https://fedorahosted.org/sssd/ticket/1031
> > >
> > > This patch creates a set of schema defaults that corresponds to Active
> > > Directory 2008r2. It can be set up simply by specifying
> > > ldap_schema = AD
> > >
> > > Operationally, it behaves like any other RFC2307bis server at this
> > > time. This patch does not remove the requirement for SFU/SUA support
> > > in Active Directory. More enhancements will follow to add support for
> > > AD-specific features.
> >
> > I have a couple of questions/notes based on observation of values on my
> > testing AD instance:
> >
> > Attribute gecos is apparently not filled by default, wouldn't it be
> > better to use cn?
>
> This is actually the same behavior as on other LDAP servers. The
> expectation is that the GECOS field should be used if it's not empty,
> otherwise it should default to the user's full name. In the SSSD, we
> first check for the 'gecos' attribute and then go to ldap_user_fullname
> (which in the case of RFC 2307 would be "cn", but in AD is "name").
>
> > I didn't find attribute authorizedService in the AD attribute
> > specification, is it correct?
>
> Hmm, I was actually inconsistent here. I was leaving this in for the
> rare case where an AD admin decided to extend schema to support this.
> However, I made the opposite decision about ldap_user_authorized_host.
>
> Probably it's acceptable to set this to NULL and rely on the admin to
> change it if they end up extending the schema. Fixed in attached patch.
Ack