On 11/08/2012 06:24 PM, Jakub Hrozek wrote:

> 2. sssd won't work when I specify correct ldap_sasl_authid (see the
> example above). This is bad as I might have my krb5.keytab cluttered
> with other (possibly not working) keys so I would like to keep the
> possibility of specifying the ldap_sasl_authid manually.

So this is authid that was working with the plain ldap provider but
dosn't work with ad provider? Can you share logs? 

Have you tried if using this authid works even with 1.9 with the ldap
provider?

looks like the syntax of the ldap_sasl_authid parameter has changed.
Previously (in the 1.8.x version) it accepted form <principal_name>@<REALM>, now it only accepts <principal_name>

Ondrej