Bug 923808
Summary: | Wrong description for backend providers | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Thorsten Scherf <tscherf> |
Component: | doc-Identity_Management_Guide | Assignee: | Deon Ballard <dlackey> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Jenny Severance <jgalipea> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4 | CC: | dpal, jhrozek |
Target Milestone: | rc | Keywords: | Documentation |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-05-10 03:43:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Thorsten Scherf
2013-03-20 13:51:46 UTC
May be like this? "A domain in SSSD defines four backend functions: authentication, identity lookups, access, and password changes. The SSSD domain is then configured to use a backend provider to supply the information for any one (or all) of those four functions. SSSD requires at least the identity provider to be specified for a domain. If no provider is specified for authentication, access and password change, SSSD uses the identity provider value to determine how other functions should be provided. For example, if identity provider value is 'ldap' other functions will be configured assuming they are provided by the same LDAP server as the identity provider, if identity provider is 'ipa' other functions will be configured assuming they are provided by the same IdM server, etc." I wonder whether this applies to AD provider. I hope so. But what is the access provider for AD? It is same as with LDAP, right? (In reply to comment #1) > I hope so. But what is the access provider for AD? It is same as with LDAP, > right? acess_provider=ad expands to: access_provider=ldap ldap_access_order = expire ldap_account_expire_policy = ad Then we should probably have a table of the defaults. Something like: If only identity provider is specified other back end provider settings are assumed based on the following table: Identity Provider Authentication Access provider Password Change ad ... <Jakub's reply> ... ipa ... ... ... ldap ... ... ... Makes sense? ... - need to be replaced with the actual defaults For "bare" providers the situation is actually very simple, it's always the same value. For "composite" providers like ipa or ad this table would make sense for the subchapters about the providers. Mass closure of bugs modified in 2013. All of these are in the currently-published docs. |