Recognize trusted domains in AD provider¶
Related tickets:
Problem Statement¶
With the current LDAP lookups the SSSD AD provider can only find users and groups in the local domain. With Global Catalog lookups (Design page) this will be extended to all users and groups of the local forest. Using the PAC helps to avoid group membership lookups (RFE Use MS-PAC to retrieve user’s group list).
What is missing are lookups of users and groups in trusted forests and password based authentication of users from trusted forests. For this the names of the trusted forests and additional suffixes managed by the forest are needed. The names the
Overview view of the solution¶
Implementation details¶
How to test¶
Author(s)¶
Sumit Bose <sbose@redhat.com>