Ok, I gave it a try (with an AD provider) and here are the bugs I have found so far:

0. My configuration:
id_provider = ad
auth_provider = ad
chpass_provider = ad
cache_credentials = True
ldap_id_mapping = False
# ldap_sasl_authid = LOGINA$@DUBLIN.AD.S3GROUP.COM

1. Upgrade db database from the 1.8 versions (aka RHEL 6U3) does not work. SSSD won't start (dies silently). I had to rm /var/lib/sss/db/* to make it working.
2. sssd won't work when I specify correct ldap_sasl_authid (see the example above). This is bad as I might have my krb5.keytab cluttered with other (possibly not working) keys so I would like to keep the possibility of specifying the ldap_sasl_authid manually.
3. This is a show stopper for me. I can not disable ID mapping as the example above does not work for me:

Desired results:
Only users and groups w/ RFC2307 attributes are seen, NO id mapping is performed.
Achieved results:
Users and groups who have defined RFC2307 attributes are displayed fine (RFC2307 attributes honored), but also users & groups with no RFC2307 attributes are displayed (RFC2307 attributes computed by sssd)


On 10/18/2012 11:23 AM, Jakub Hrozek wrote:

even though RHEL-6.4 is still brewing, I think there might be some
interest in trying out the 1.9.x series of the SSSD on RHEL-6.3.

So I went ahead and built the SSSD 1.9.2 in a RHEL-6.3 buildroot:

The NVR of these test packages will be lower than those in 6.4 to keep
the upgrade path clean. The only missing functionality is the PAC
responder, which means this SSSD version won't be able to work with
an AD domain that is in a trust relationship with an IPA 3.x domain. I
had to disable the PAC responder as it requires Kerberos 1.10.

Because some new functionality required tweaking the SELinux policy, you
will encounter AVC denials when the new fast cache is accessed. That
said, my quick smoke testing went fine and we will be glad to hear test
results or bug reports.

Using the repository comes with a warning - this is NOT an official Red
Hat supported repository. The packages have NOT gone through formal QA. If
it breaks your RHEL-6.3 installation, you get to keep the pieces.

This is the repo configuration I used:
name=SSSD 1.9.x built for latest stable RHEL

name=SSSD 1.9.x built for latest stable RHEL - Source

Happy testing!
sssd-users mailing list