Learn more about these different git repos.
Other Git URLs
The sssd-ad manual page does not say what does the access_provider=ad mean and some users would then think it is krb5 access control. We should add that info.
Can you explain here what it is?
The access_provider=ad checks if the user is expired or not. Basically it would expand to:
access_provider=ldap ldap_access_order = expire ldap_account_expire_policy = ad
Fields changed
owner: somebody => jhrozek patch: 0 => 1
For the record, that's only the current behavior of the AD access_provider. When I built it, I designed it to be a full access provider with the possibility of multiple stages (like the IPA access_provider). In the first pass, I only handled password policy, but the plan was to be able to also support eventually a GPO-based authorization check.
cc: => sgallagh
milestone: NEEDS_TRIAGE => SSSD 1.10 beta
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=924397
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=924397 924397]
This is proposed for RHEL6, too and I'd like to keep the RHEL6 code close to the sssd-1-9 branch, so I'll move the ticket to 1.9.5 upstream.
milestone: SSSD 1.10 beta => SSSD 1.9.5
resolution: => fixed status: new => closed
Replying to [comment:4 sgallagh]:
Right, when (hopefully not if) we get to extending the password policy, we'll have to amend the man page as well.
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2883
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.