On 25/08/14 13:44, Andre Pitanga wrote:
> You cannot have a 'user' object and a 'group' object with the same
I know that, that's what I pose in my original post if you read it. The
sAMAccountName has to be unique, but this doesn't seem to apply to display name, for
Yes, I did read it, so 'display name' doesn't have to be
what, does anything actually use this attribute in authentication?
> Furthermore, the example you give is a 'local unix' user and should not
> be put into AD. If you did put them into AD, you would have to remove
> them from /etc/passwd and if the domain went down for some reason, you
> would have NO USERS at all.
So what? Does sssd not provide local credentials caching? Isn't AD
fault-tolerant/highly-available across several hosts? Housing Linux "service accounts" in AD
is a very common practice.
Yes, sssd does provide caching, but what happens if the
corrupt? Yes, AD is fault tolerant, but I still think it is a bad idea to
put Linux 'service accounts' into AD and as for 'housing' them in AD
being a common practice, I personally have never heard of it.
> If you are going to use AD, then I suggest that you do a bit
> research, it will not work the way you want it to, this has nothing to
> do with sssd.
Based on your response it would seem this advice applies more to yourself : )
am a practical person and do my research and will not do anything
stupid in production, you might want to, but I cannot advise it.