List of Design Pages
The following is a list of design pages that describe the decision process and implementation details of more complex changes. Each page provides a solution overview to help you understand how the change was implemented. It does not serve as accurate documentation of the change. The changes landed in different versions of SSSD and not all of them were implemented.
Warning
Each design page was used to describe the initial implementation of the change. However, the state of those documents does not necessarily correspond to the current state of the project, since we do not keep these documents up to date with further changes and bug fixes.
- AccountsService takeover
- Adding the ad_access_filter option
- Use Active Directory’s DNS sites
- Active Directory client DNS updates
- Specify the DNS site a client is using
- GPO-Based Access Control
- Async WinBind
- Generate an access control report for IPA domains
- Automatic Private Groups for LDAP and AD domains
- SSSD and automounter integration
- Backend DNS Helpers
- Move resolv.conf Watching to the Backends
- Blank Feature Template
- Authenticate against cache in SSSD
- Certificate mapping and matching rules for all providers
- Change password on LDAP server that does not support Password Modify Extended Operation
- sss_confcheck tool (deprecated and moved to sssctl)
- Improve config validation
- LDAP provider integration tests
- Data Provider Refactoring
- D-Bus Interface: Cached Objects
- D-Bus Interface: Domains
- Support for multiple D-Bus interfaces on single object path
- DBus responder
- D-Bus Signal: Notify Property Changed
- Simple D-Bus API wrapper library
- D-Bus Interface: Users and Groups
- DDNS - specify which server to update DNS with
- Enhanced NSS (Name Service Switch) API
- FastNSSCache
- “Files” data provider to serve contents of /etc/passwd and /etc/group
- Fleet Commander Integration
- Global Catalog Lookups in SSSD
- Hybrid Private Groups for LDAP and AD domains
- ID mapping - Automatically assign new slices for any AD domain
- ID-Override - Re-Design
- Integrate SSSD with CIFS Client
- IPA Server Mode
- KCM server for SSSD
- Kdcinfo files for trusted domains
- Multiple server addresses or names in kdcinfo files
- Kerberos Locator Plugin Redesign
- Mapping ID provider names to Kerberos principals
- LDAP Referrals
- Config file validation
- Supporting Local Users as members of LDAP Groups for RFC2307 servers
- Lookup Users by Certificate
- Lookup Users by Certificate - Active Directory
- Matching and Mapping Certificates
- Proposal to redesign the memberOf plugin (v1)
- Proposal to redesign the memberOf plugin (v2)
- Multiple LDAP search bases support
- Netgroup NSS map support
- Support for non-POSIX users and groups
- Running SSSD as a non-root user
- ID Mapping calls for the NSS responder
- Allow Kerberos Principals in getpwnam() calls
- Code refactoring for the 1.15 release
- Improve SSSD Performance with a timestamp cache
- One way trust support
- OpenLMI provider design
- OTP Related Improvements
- PAM Conversation for OTP/Two-Factor-Authentication
- Passkey - Authentication in a centralized environment
- Passkey authentication Kerberos integration
- Periodic task API
- Periodical refresh of expired entries
- Detecting POSIX attributes in Global Catalog using the Partial Attribute Set
- Make authentication prompting configurable
- Prompting For Multiple Authentication Types
- Recognize trusted domains in AD provider
- Restricting the domains a PAM service can auth against
- SSS NFS Client (rpc.idmapd plugin)
- Secrets Service
- Shortnames in trusted domains
- Common SIGCHLD handler
- Smartcard Authentication - PKINIT
- Require Smartcard authentication (for local users)
- Smartcard authentication - Step 1 (local authentication)
- Smartcard authentication - Testing with AD
- Smartcard authentication - Multiple Certificates on a Smartcard
- Smart Cards
- Smartcards and Multiple Identities
- Socket Activatable Responders
- Sockets for domains in a multi-tenant setup
- SSSCTL - a CLI tool to control and monitor SSSD
- Get and Set per-Component Debug-Level
- SSSD 2.0
- Trusted domain configuration
- Sub-Domains in SSSD
- SUDO caching rules
- Invalidate Cached SUDO Rules
- SUDO integration proposal using sudo policy plugin
- SUDO integration
- IPA sudo schema support
- SUDO Responder Cache Behaviour
- SUDO Support to SSSD
- Sudo Plugin Wire Protocol
- Change format of SYSDB_NAME attribute for users and groups
- Systemd Activatable Responders
- Using the Global Catalog to speed up lookups by ID
- Do not always override home directory with subdomain_homedir value in server mode
- User Account Management Consolidation
- Wildcard refresh through InfoPipe