Document the best practices for AD access control

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2083

• Created at 2013-09-09 10:23:40 by jhrozek
• Closed as Fixed
• Assigned to sbose

---

Currently the users have several options for controlling the AD access control. One is the AD access provider that currently checks for expiration, one is the simple access provider and some users choose to configure the LDAP access provider as well.

We should summarize and document these options on wiki page.

Comments

---

Comment from jhrozek at 2013-09-19 12:08:54

Fields changed

design: => https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryAccessControl
design_review: 0 => 1

---

Comment from dpal at 2013-09-19 15:42:31

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.2
rhbz: => 0

---

Comment from jhrozek at 2013-10-30 23:57:48

Creating the document did not block 1.11.2, moving to 1.11.3 and setting higher priority so that the document is done in time.

milestone: SSSD 1.11.2 => SSSD 1.11.3

---

Comment from jhrozek at 2013-12-19 10:08:08

Moving tickets that didn't make 1.11.3 to 1.11.4

milestone: SSSD 1.11.3 => SSSD 1.11.4

---

Comment from jhrozek at 2014-01-16 14:31:21

Fields changed

owner: somebody => sbose
summary: Document the best practices for AD access control => MAN: Document the best practices for AD access control

---

Comment from jhrozek at 2014-02-17 16:29:48

After some more discussion with Sumit it would make more sense to document the access control on the wiki rather than the man pages. The first draft of the AD provider wiki page that will include this topic was shared between me and Sumit so far.

This ticket should not block 1.11.4

milestone: SSSD 1.11.4 => SSSD 1.11.5
summary: MAN: Document the best practices for AD access control => Document the best practices for AD access control

---

Comment from jhrozek at 2014-04-03 19:49:33

The wiki page itself is shaping up:
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server

but the access control content is not there yet. Moving out of 1.11.5 as wiki page edits shouldn't block a release.

milestone: SSSD 1.11.5 => SSSD 1.11.6

---

Comment from jhrozek at 2014-06-03 19:25:23

Per conversation with Sumit, we just need to link the simple AD man pages to the wiki. Can be done post-release.

milestone: SSSD 1.11.6 => SSSD 1.11.7

---

Comment from jhrozek at 2014-09-17 15:20:55

Fields changed

milestone: SSSD 1.11.7 => NEEDS_TRIAGE

---

Comment from jhrozek at 2014-09-18 17:27:22

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.2
priority: major => trivial

---

Comment from jhrozek at 2014-09-30 19:06:44

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

---

Comment from jhrozek at 2014-11-19 18:18:03

Fields changed

mark: => 0
milestone: SSSD 1.12.3 => SSSD 1.12.4

---

Comment from jhrozek at 2015-02-18 19:29:21

Moving tickets that didn't make the 1.12.4 release to 1.12.5

milestone: SSSD 1.12.4 => SSSD 1.12.5

---

Comment from jhrozek at 2015-09-14 09:51:59

https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server?action=diff&version=17&old_version=16

resolution: => fixed
sensitive: => 0
status: new => closed

---

Comment from jhrozek at 2017-02-24 14:56:00

Metadata Update from @jhrozek:

• Issue assigned to sbose
• Issue set to the milestone: SSSD 1.12.5