[Freeipa-devel] [PATCH] 117 extdom: replace winbind calls with POSIX/SSSD calls
Jakub Hrozek
jhrozek at redhat.com
Mon Jul 8 14:17:36 UTC 2013
On Mon, Jul 08, 2013 at 04:15:39PM +0300, Alexander Bokovoy wrote:
> On Mon, 08 Jul 2013, Alexander Bokovoy wrote:
> >On Wed, 03 Jul 2013, Sumit Bose wrote:
> >>Hi,
> >>
> >>with this patch the extdom plugin, the LDAP extended operation that
> >>allows IPA clients with recent SSSD to lookup AD users and groups, will
> >>not use winbind for the lookup anymore but will use SSSD running in
> >>ipa_server_mode.
> >>
> >>Since now no plugin uses the winbind client libraries anymore, the
> >>second patch removes the related configures checks.
> >>
> >>I think for the time being we cannot remove winbind completely because
> >>it might be needed for msbd to work properly in a trusted environment.
> >s/msbd/smbd/
> >
> >ACK. I need to add 'ipa_server_mode = True' support to
> >the installer code and then these patches can go in.
> Actually, the code still doesn't work due to some bug in sssd which
> fails to respond properly to getsidbyname() request in libsss_nss_idmap.
>
> Additionally I've found one missing treatment of domain_name for
> INP_NAME requests.
>
> We are working with Jakub on tracking down what's wrong on SSSD side.
Indeed, there was a casing issue in sysdb. You can continue testing with
lowercase user names in the meantime. A patch is already on the SSSD
list.
More information about the Freeipa-devel
mailing list