On Wed, Oct 19, 2011 at 04:38:16PM +1100, Greg.Lehmann(a)csiro.au wrote:
I have been reading up on SUA and can't see any mention of
LDAP changes
being made when SUA is enabled. As far as I can see all the posix bits are
already there and SSSD should work fine without SUA. I'd really like to
know why I need SUA as it involves a whole lot of other changes in AD that
I don't particularly want. We have Windows Server 2008 R2.
TIA
Greg
You're absolutely right, WS 2008 R2 does not require SUA. I believe much
of this confusion comes from the example config we used to ship, because
it had used the msSFU* attribute names.
As a matter of fact, we fixed that example config in the most recent
SSSD releases - 1.6.2 and 1.5.14. You can see it in the tarball or check
it out via gitweb:
http://git.fedorahosted.org/git/?p=sssd.git;a=blob;f=src/examples/sssd-ex...
Also, Marko Myllynen wrote a very nice HOWTO on AD/sssd integration
lately:
https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate...
Hope this helps.