Feature changed by: Ralf Haferkamp (rhafer) Feature #308900, revision 6 - Title: Request SSSD to be installed by default + Title: SSSD to be included in openSUSE openSUSE-11.3: Unconfirmed Priority Requester: Important Requested by: David Alston (dalston) Description: I was requesting a feature through http://bugzilla.novell.com/show_bug.cgi?id=574956 (http://bugzilla.novell.com/show_bug.cgi?id=574956) and someone there suggested I create this feature request in OpenFATE. Apparrently the package "SSSD" (with a little configuration work) will solve a significant user support problem by caching LDAP passwords locally so that laptops (and desktops) can continue to login without a network connection. Information on SSSD can be found at https://fedorahosted.org/sssd/ Use Case: We use OpenSUSE and SLES/SLED in a diverse University environment. Many of our users are easily confused by multiple login- ids and so we try to maintain single-signon whenever we can. Folks with windows laptops are able to authenticate to Active Directory and have their username/password cached on their computer so that they can login even if they are not connected to the domain. This feature is sorely missed on our OpenSUSE laptops (and some desktops). Including the "SSSD" package (and making it easy to configure) would go a *very* long way toward making OpenSUSE even more friendly to Enterprise environments. Discussion: #1: Bidossessi SODONON (bidossessi) (2010-02-04 17:02:39) I'm trying to think of the downsides of supporting this package, and i can see none. Of course, I'm in a situation where SSSD would scratch a major itch in my network administration woes, since I use GoSA for my account management needs. The above usecase is valid, but I have experienced far more annoying side-effects trying to use LDAP as a desktop/laptop login database: My network is 100% wireless (mandated by management, despite all my recommendations). I had this chicken and egg problem of having to setup clients using ifup instead of NM because of LDAP logins, but whenever an AP goes down for whatever reason, the users would be locked out, with no way to switch to another potentially working AP. With no solution in sight, I had to fallback to local accounts with NM, and managing that is hell. We have a huge employee turnover. Using nss_ldap had a lot of advantages on the desktop, (like automatic gecos fetching or locking accounts) that i had to forego. I made a Fate request sometime ago for alternate AP settings in Yast to solve that issue, but this package would negate the need for it, AND allow me to use LDAP accounts for my laptop users as well. Sorry for the lenghty comment, but this request speaks to my heart :) #2: Ralf Haferkamp (rhafer) (2010-03-09 09:17:23) "installation by default" as stated in the feature's summary does seem like a good idea currently. But providing packages in openSUSE (and propably having YaST support in the future see https://features.opensuse.org/308902) seems like a good idea. That's why I have just submitted packages to Factory for inclusion into 11.3. + #3: Ralf Haferkamp (rhafer) (2010-03-09 09:34:38) (reply to #2) + Adjusted the features summary, to better reflect what's needed. -- openSUSE Feature: https://features.opensuse.org/308900