Feature changed by: Andreas Jaeger (a_jaeger)
Feature #308902, revision 12
Title: Configure SSSD via Yast

openSUSE-11.3: Rejected by Andreas Jaeger (a_jaeger)
  reject date: 2010-07-20 09:29:40
  reject reason: not done in time.
  Priority
  Requester: Important

openSUSE-11.4: Evaluation
  Priority
  Requester: Mandatory

- Info Provider: (Novell)

Requested by: David Alston (dalston)

Description:
It would be great if we could configure the SSSD package (http://fedoraproject.org/wiki/Features/SSSD) for local user/password sync with either LDAP or Kerberos for offline authentication with Yast. This is related to https://features.opensuse.org/308900

This is important if openSUSE is interested in being a significant presence in Enterprise environments.

Relations:
- original request to include sssd (feature/id: 308900)
- related Feature (feature/id: 310176)
- More info about sssd (url: )

Discussion:

#1: Bidossessi SODONON (bidossessi) (2010-02-04 16:19:02)
I discovered the existence of this package through the hermes feed, and I must say this is a MAJOR feature that should be included as soon as it is declared stable. I use Gonicus' Gosa for my users' accounts, and I had to fall back to local because our network is a bit flaky and users would be locked out of their machines time and time again (mandated wireless and lots of power outages). SSSD (or any equivalent) would mean the end of my remote user-management nightmares in a multi-site all-openSUSE network. I would strongly recommend it be reviewed.

#6: Ralf Haferkamp (rhafer) (2010-11-10 14:17:51)
One remaining question here is whether we want YaST to support both types of setup or to switch to sssd completely. I just checked how this is handled in Fedora 14 currently. And it seems that they support both types of setups in their GUI tools, depending on what packages are installed in the system.
* If the sssd package is installed in the system (it seems to be in their default installation), sssd is configured.
* If nss-pam-ldapd (which is kind of a successor to nss_ldap/pam_ldap, we also have packages for that) is installed, they configure that.
* If none of the above packages is installed (e.g. you choose a minimal installation), they suggest installing nss-pam-ldapd. (Which is kind of strange)

(IMO leaving support for nss_ldap/pam_ldap in place in the yast2-ldap-client module for now is a good idea, provided that it doesn't create too much effort. I'll add some details about what the sssd setup looks like here next.)

Setting needinfo to aj@novell.com to give his point of view here.

+ #7: Andreas Jaeger (a_jaeger) (2010-11-10 14:34:54) (reply to #6)
+ We currently have some hacks in glibc due to nss_ldap usage. I would
+ prefer to remove those hacks but you have to tell me whether it makes
+ sense to support both or not. So, I'm in favor of moving to sssd
+ completely but you have to tell us whether we really need
+ nss_ldap/pam_ldap.

--
openSUSE Feature: https://features.opensuse.org/308902