Warning

This is a design page. It was used to design and discuss the initial implementation of the change. However, the state of this document does not necessarily correspond to the current state of the implementation since we do not keep this document up to date with further changes and bug fixes.

Recognize trusted domains in AD provider

Related tickets:

With the current LDAP lookups, the SSSD AD provider can only find users and groups in the local domain. With Global Catalog lookups (Design page), this will be extended to all users and groups of the local forest. Using the PAC helps to avoid group membership lookups (RFE Use MS-PAC to retrieve user’s group list).

What is missing are lookups of users and groups in trusted forests and password-based authentication of users from trusted forests. For this, the names of the trusted forests and additional suffixes managed by the forest are needed. The names the

Sumit Bose <sbose@redhat.com>