URL:
https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
sumit-bose commented:
"""
I tested the patches with a plain LDAP setup and with an AD. In general they work as
expected and since I think the current code is ok I would ACK the patches so that the
following observations can be fixed later.
First I have a question about the usage of [application/...] domains. Is it expected that
[application/...] requires inherit_from and cannot be configured explicitly? If I use
[domain/....] and domain_type = application it works, but if I replace those two lines by
[application/...] SSSD won't start.
'sssctl config-check' does not like it if [application/...] has other options than
inherit_from, even the example from the man page causes
'[rule/allowed_application_options]: Attribute 'ldap_user_extra_attrs' is not
allowed in section 'application/ad-app-2'. Check for typos.'
When using [application/...] with the ad provider other domains than the one the client is
joined to are treated as POSIX domains even if only the application domain is listed in
the domains option of sssd.conf.
Given the last observation it might be useful to say in the man page that currently the
primary and mainly tested use-case is together with the ldap provider and more complex use
cases will be evaluated in upcoming releases?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/215#issuecomment-290360748