Create configuration module for ipa-client-advise that will generate a scriptlet with recommendations to create multiple configurations for PADL pam_ldap/nss_ldap which do not support IPA cross-realm trusts with AD directly.
The scriptlet should suggest creating multiple configuration files for pam_ldap, configuring two instances of pam_ldap in PAM stack (with different configs) and and multiple search bases for nss_ldap: one for IPA itself, one for AD compatibility tree.
The configuration details are gathered in the following feature description: http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts#Major_configuration_options_and_enablement
Use name consistent with ipa-client-install, ipa-client-automount.
Moving open tickets to next month bucket.
6e28e70 Add new command compat-is-enabled[[BR]] efe5a96 Enable running API commands in ipa-advise plugins[[BR]] fc3f3c9 Add ipa-advise plugins for legacy clients[[BR]]
The last changeset only adds support for old SSSD clients, not pam_ldap. Reopening to amend with pam_ldap/nss_ldap support which is required for older FreeBSD and other GNU/Linux distributions.
Move to 3.4.
master: 92cd987
This is needed for 3.3.x functionality (and tests). Pushed to ipa-3-3
ipa-3-3: f3aa3c4
Metadata Update from @abbra: - Issue assigned to akrivoka - Issue set to the milestone: FreeIPA 3.3.x - 2013/10 (bug fixing)
Login to comment on this ticket.