You have to join AD in order to perform authorization tasks, bcs otherwise sssd has no way
how to communicate with AD.
If you only want to use AD to authenticate local users, then no join is indeed necessary,
but then there is no need for sssd, just need to configure Kerberos.
-----Original Message-----
From: Michael Dahlberg <dahlberg(a)recursoft.org>
Sent: Monday, April 20, 2020 10:40 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] ID provider AD vs LDAP
I'm attempting to setup SSSD using AD as the id provider. All the documentation that
I've found results in the linux system joining the AD domain when configuring sssd in
this manner. I would like to configure sssd running on RHEL to just do authorization
(access_provider) against the AD domain and *not* actually join the AD domain. I assume
that this would mean I should not set "access_provider = ad". Instead should
this value be set to ldap?
If I configure sssd to use LDAP as the access provider, how would I address the Active
Directory domain
ad.example.com using the "ldap://" notation? Would there be
any other changes that I would need to address in the sssd.conf examples that use ldap as
the access provider?
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email
to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fe...
List Guidelines:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedorap...
List Archives:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.f...