#3126 [RFE] Use the trusted realm Global Catalog to resolve Name/SID
Closed: Fixed None Opened 11 years ago by simo.

Currently, for the UI we are using a complex path to access Winbind which will eventually use MS-RPC and schannel against a trusted DC.
This channel is already used for Netlogon operations and is fully serialized due to limitations of schannel.

We should probably switch to use direct LDAP searches against the Global Catalog instead, so that they can be parallelized and can be done directly by multiple processes w/o need of coordination.


As a part of prototype for not using winbindd for resolution, I actually implemented this ticket.

master: fc3834c

ipa-3-0: 4cf3c2d

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)

7 years ago

Login to comment on this ticket.

Metadata