On Tue, Jul 30, 2013 at 4:24 PM, Dmitri Pal <dpal(a)redhat.com> wrote:
> MSFT is just paranoid about it.
While you may be right, I think that an "ad" provider in SSSD implies that
AD is supported no matter what configuration is being used on the server,
especially if that configuration is "suggested" as indicated by the verbose
log message.
I imagine that this functionality would only need a few more configuration
parameters to work. Namely, ldap_tls_*, ldap_service_port, maybe a few
others? I believe SSSD supports GSSAPI over SSL/TLS when the provider is
LDAP, so, to me, it's a matter of giving more fine-grain control in the
configuration file when the provider is AD.
-Chris