Thank you. So what I need is the container in AD to put all automount attributes, and this
is supposed to be a standard exercise for an AD admin?
Longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: 17. april 2014 10:47
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Announcing SSSD 1.11.5
RFC2307 support comes with Windows Server 2003R2 and newer domain controllers, so unless
you have ancient AD, the support is already there.
O.
________________________________________
From: sssd-users-bounces(a)lists.fedorahosted.org
[sssd-users-bounces(a)lists.fedorahosted.org] on behalf of Longina Przybyszewska
[longina(a)sdu.dk]
Sent: Wednesday, April 16, 2014 11:22 AM
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] Announcing SSSD 1.11.5
How can I find out if my AD supports RFC2307 automounter schema?
longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: 10. april 2014 10:28
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] Announcing SSSD 1.11.5
Thanks Jakub,
Is the link to the schema mentioned somewhere? I cannot find it on the wiki page of the
project.
As for the automounter, I would vote for using the RFC2307 automounter schema when dealing
with the AD.
I.e. the following mapping:
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = nisMapName
ldap_autofs_map_object_class = nisMap
The advantage is that:
- RFC2307 is still a standard (albeit a bit older than RFC2307bis)
- you do not have to extend the AD schema for this (which could be a troublesome operation
in many companies)
And besides, I have been using this configuration happily for quite some time :)
Ondrej
________________________________________
From: sssd-users-bounces(a)lists.fedorahosted.org
[sssd-users-bounces(a)lists.fedorahosted.org] on behalf of Jakub Hrozek
[jhrozek(a)redhat.com]
Sent: Wednesday, April 09, 2014 6:58 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] Announcing SSSD 1.11.5
On Wed, Apr 09, 2014 at 01:03:38PM +0000, Ondrej Valousek wrote:
> Hi Jakub,
> Great news, I have questions:
> 1. If we use AD as the sudo provider, does it mean the same ldap schema is expected for
> sudo rules? If yes, it would mean system admin would have to extend the AD schema to
> accommodate the SUDO needs, right?

Yes, we expect the same schema as described in
http://www.sudo.ws/sudo/sudoers.ldap.man.html
Maybe it would be also helpful to see how I tested the feature and compare that with your
environment:
https://lists.fedorahosted.org/pipermail/sssd-devel/2014-February/018663....

> 2. Is something similar possible with the autofs provider? I.e.
> "autofs_provider = ad"?

Yes, but nobody wrote the patch so far. The patch would be nearly trivial, but the big
question for me so far was -- what schema is mostly used for automounter maps in AD
environments? We need to set some reasonable defaults.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
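
As an added illustration (not code from the thread or from SSSD), the sketch below applies the RFC2307 mapping listed in Ondrej's message to constructed sample entries, showing which directory attributes become the automount map name, key and value, and which entries the mapping cannot use. It assumes entries sit directly under their nisMap container; the DNs, host name and export path are hypothetical.

```python
# SSSD option -> RFC2307 name, as listed in the message above.
MAPPING = {
    "ldap_autofs_map_object_class": "nisMap",
    "ldap_autofs_map_name": "nisMapName",
    "ldap_autofs_entry_object_class": "nisObject",
    "ldap_autofs_entry_key": "cn",
    "ldap_autofs_entry_value": "nisMapEntry",
}
# Constructed sample data: DNs, host name and export path are hypothetical.
SAMPLE_LDIF = """\
dn: CN=auto.home,OU=automount,DC=example,DC=com
objectClass: nisMap
nisMapName: auto.home

dn: CN=alice,CN=auto.home,OU=automount,DC=example,DC=com
objectClass: nisObject
cn: alice
nisMapEntry: -fstype=nfs4,rw,nosuid filer.example.com:/export/home/alice

dn: CN=broken,CN=auto.home,OU=automount,DC=example,DC=com
objectClass: nisObject
cn: broken
"""
def parse_ldif(text):
    # Simple LDIF only: no line folding, no base64 values.
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def build_maps(entries, mapping=MAPPING):
    # Returns ({map name: {key: value}}, [DNs of entries the mapping cannot use]).
    a = {opt: name.lower() for opt, name in mapping.items()}
    is_a = lambda e, opt: a[opt] in [c.lower() for c in e.get("objectclass", [])]
    first = lambda e, opt: e.get(a[opt], [None])[0]
    by_dn = {e["dn"][0].lower(): first(e, "ldap_autofs_map_name")
             for e in entries if is_a(e, "ldap_autofs_map_object_class")}
    maps, skipped = {n: {} for n in by_dn.values() if n}, []
    for e in (x for x in entries if is_a(x, "ldap_autofs_entry_object_class")):
        parent = e["dn"][0].lower().partition(",")[2]  # naive: no escaped commas
        key, val = first(e, "ldap_autofs_entry_key"), first(e, "ldap_autofs_entry_value")
        if by_dn.get(parent) and key and val:
            maps[by_dn[parent]][key] = val
        else:
            skipped.append(e["dn"][0])
    return maps, skipped
```

Entries reported in the second return value are nisObject objects that lack a key or value, or that do not sit under a nisMap container.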