I may take a look to FreeIPA in the future, but it's not in my immediate
As you can see, my blog is low traffic and low content. I'm really not sure
if it will help to blog about the test days. But I'll make sure to take a
look at it and eventually add a note about'em.
Thanks again for the feedback.
On Apr 11, 2013 3:24 PM, "Dmitri Pal" <dpal(a)redhat.com> wrote:
On 04/11/2013 02:44 PM, Mathieu Lemoine wrote:
Thanks Dimitri for the feedback.
I made the modifications you asked for. Including a disclaimer regarding
enumerate. I wasn't aware of this issue by the way. So thank you.
From what I can made out of the logs I was given to read, I think SSSD
actually fetch the ssh public key during the enumerate phase along with all
the others LDAP fields.
BTW, please refer to the version I linked here and not the one on
. Because this is the one I'll keep updating on a long term
basis. The company webmaster won't like having updates each times I'll find
a neat trick to refine the config. And I do hope to include further tips on
my blog as I'll keep working with SSSD (For example, I intend to take a
look at the kerberos integration some time in the future).
Yes. Thank you. Looks good.
1) Are you planning to consider FreeIPA?
2) Is there any chance you can blog about the SSSD test day?
Currently there are three test days on the list that we will be running.
Next week there will be an IPA one. We already started to prepare test
cases for it http://fedoraproject.org/wiki/Test_Day:2013-04-18
There will be a similar page created for SSSD. The date is 2013-05-09 and
the focus is "SSSD Improve and AD Integration"
And then later in early June we will try out the FreeIPA with a native OTP
2013/4/11 Dmitri Pal <dpal(a)redhat.com>
> On 04/11/2013 02:04 PM, Mathieu Lemoine wrote:
> Me again. As promised, here is the link to the blog post:
> Enjoy! (Feedback is welcome and will be appreciated.)
> Thank you for the pointer. Several commends
> Please remove enumeration. We ask people not to use enumeration up until
> it is really needed. So if you "really need it" please say that your case
> is somewhat odd.
> The enumeration creates a lot of burden on the server. The enumeration is
> needed only in the case when the servers you access run unattended for a
> long period of time with noone *ever* logging into them. If this is the
> case then enumeration is probably the right thing to do as this is the only
> way to sync up data and make it available before outage for the case of
> However in most cases people log into the systems periodically. In this
> case the data is cached and the enumeration is really not needed.
> Can you please augment it in the article? It is really important because
> people start to use enumerate = true and get into delays when they really
> do not need to use enumeration.
> Also I am not sure that enumeration really affects the data that is
> needed for SSH integration. Can someone confirm that please?
> "to read about this match, " did you mean "patch"?
> 2013/3/25 Dmitri Pal <dpal(a)redhat.com>
>> On 03/19/2013 01:52 PM, Mathieu Lemoine wrote:
>> I have sssd 1.9.4 (from
>> configured on an OpenLDAP server.
>> getent passwd, getent group, authentication and cache is working great.
>> My issue now lies with the SSH public key.
>> My user has the ldapPublicKey objectClass, and the key is in the
>> sshPublicKey attribute.
>> sss_ssh_authorizedkeys is still returning "Error looking up public
>> An inquiry on the #sssd chan directed me to this mailing-list and more
>> precisely to jcholast, I tried to check out the commits, but nothing seems
>> to get out of it...
>> If any of you had informations regarding that, it'd be greatly
>> See the slide deck attached.
>> I suspect the implimatation assumes ipa schema not the one you mention.
>> And the reason is that we have found other schemata limiting.
>> sssd-users mailing
>> Thank you,
>> Dmitri Pal
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>> sssd-users mailing list
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?www.redhat.com/carveoutcosts/