[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-users
Subject: =?utf-8?q?=5BSSSD-users=5DAllow_me_to_introduce_my_situation=E2=80=A6=2E?=
From: Spike White <spikewhitetx () gmail ! com>
Date: 2019-09-27 17:11:21
Message-ID: CAO2Co256VAib9J2LsO=xLujuXxo-AKHZmuqkD3LZH=grg+x9Aw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
All,
In recent postings, there's been some (quite correct!) inferences about my
situation. Let me dispel any confusion, so you're aware of my perspective.
I work for a Fortune 500 company in their IT department. Our company and
team has done Linux and UNIX AD integration using 2 ½ commercial products
for over 12 years now. (that third product was used only in a very limited
scope).
Our team has oversight for about 30,000 Linux servers – 17K of them that
are AD-integrated and 13K in the process of getting there.
So, my team and our server support organization has a wealth of experience
with the Linux client configurations of AD integration. We know our
company incident procedures and that escalation process. Thus, I can say
with confidence (for instance) that Linux sysadmins are engaged in the
infrequent occurrence that AD integration is bulloxed on a particular Linux
server.
So, while we have a wealth of experience in AD/LDAP Linux and app
integration, we are frankly newbies to sssd. I fully admit to my
inexperience in sssd configuration and setup. However, I have been using
it and evaluating it for almost a year. I have it working on RHEL7, RHEL8
and (just last week) RHEL6.
I have gone through all anticipated test cases and – except for one totally
obscure edge case -- sssd appears like it can do everything the commercial
AD integration products can do. I say that – although I have two open sssd
cases with our OS vendor.
1. One has been discussed already on this forum – "realm permit"
segfaulting (but only on RHEL8). Our OS vendor has provided a work-around
for this.
2. I believe the second bug is not a "bug" at all – but it's due to
my lack of understanding of AD and my inexperience with sssd. I'm
currently working that with our OS vendor as well.
Incidentally, if it appears that I'm singularly focused on AD – that's
because I am. That's all my company uses for its back-end authentication
mechanism. I'm also singularly focused on RHEL and RHEL-derived Linux
servers, for similar reasons.
Thus, when I suggest an RFE, I'm speaking from my perspective only and my
company's Linux perspective. I fully realize that other companies have
different escalation policies, different authentication back-ends and
different situations. I fully realize that any RFE I suggest would be
half-baked (at best) – if accepted, it would surely be re-written to be
more generic and useful for a larger target audience.
Spike
[Attachment #5 (text/html)]
<div dir="ltr"><p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">All,</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">In recent \
postings, there's been some (quite correct!) inferences about my situation. Let me
dispel any confusion, so you're aware of my perspective.</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">I work for a \
Fortune 500 company in their IT department. Our company and team has done Linux and \
UNIX AD integration using 2 ½ commercial products for over 12 years now. (that \
third product was used only in a very limited scope). </p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Our team has \
oversight for about 30,000 Linux servers – 17K of them that are AD-integrated and \
13K in the process of getting there.</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">So, my team and \
our server support organization has a wealth of experience with the Linux client \
configurations of AD integration. We know our company incident procedures and that \
escalation process. Thus, I can say with confidence (for instance) that Linux \
sysadmins are engaged in the infrequent occurrence that AD integration is bulloxed on \
a particular Linux server.</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">So, while we have \
a wealth of experience in AD/LDAP Linux and app integration, we are frankly newbies \
to sssd. I fully admit to my inexperience in sssd configuration and setup. \
However, I have been using it and evaluating it for almost a year. I have it \
working on RHEL7, RHEL8 and (just last week) RHEL6.</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">I have gone \
through all anticipated test cases and – except for one totally obscure edge case \
-- sssd appears like it can do everything the commercial AD integration
products can do. I say that – although I
have two open sssd cases with our OS vendor.
</p>
<p class="gmail-MsoListParagraphCxSpFirst" style="margin:0in 0in 0.0001pt \
0.5in;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">1.<span \
style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times \
New Roman""> </span>One has been discussed already on this forum –
"realm permit" segfaulting (but only on RHEL8).
Our OS vendor has provided a work-around for this.</p>
<p class="gmail-MsoListParagraphCxSpMiddle" style="margin:0in 0in 0.0001pt \
0.5in;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"> </p>
<p class="gmail-MsoListParagraphCxSpLast" style="margin:0in 0in 8pt \
0.5in;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">2.<span \
style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times \
New Roman""> </span>I believe the second bug is not a "bug" at all \
– but it's due to my lack of understanding of AD and my inexperience with
sssd. I'm currently working that with
our OS vendor as well.</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Incidentally, if \
it appears that I'm singularly focused on AD – that's because I am. That's all my
company uses for its back-end authentication mechanism. I'm also singularly focused \
on RHEL and RHEL-derived Linux servers, for similar reasons. </p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Thus, when I \
suggest an RFE, I'm speaking from my perspective only and my company's Linux \
perspective. I fully realize that other companies have different escalation \
policies, different authentication back-ends and different situations. I fully \
realize that any RFE I suggest would be half-baked (at best) – if accepted, it \
would surely be re-written to be more generic and useful for a larger target \
audience.</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"> </p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Spike</p>
<p class="MsoNormal" style="margin:0in 0in \
8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"> </p></div>
[Attachment #6 (text/plain)]
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic