I'm currently working on patches to allow LDAPS as well and make sure that SASL/GSSAPI/GSS-SPNEGO are set up so that it can be used together with TLS. HTH
Good morning, is there an expected ETA for the patches to be available?
Pending that,
Is it possible to have two "ldap" providers in the same domain with different ldap settings? For example, if using ad for auth_provider and ldap for id/access providers
[domain/example.com]
auth_provider = ldap
auth_provider ldap server x.example.com
id_provider = ldap
id_provider ldap server y.example.com
Such that the ad auth provider can now use ldap TLS/SSL to the password server, but identity can still be managed by another server? This may seem to be a weird setup, but it allows separation of roles/responsibilities.
Thanks,
Gary
sssd-users@lists.fedorahosted.org