Also, when upgrading, please make sure to upgrade to the 6.6.z version of SSSD - there were couple important fixes. AFAIK, the version should be sssd-1.11.6-30.el6_6.3
Martin On 02/02/2015 10:35 PM, Genadi Postrilko wrote: > Thank you for your reply. > I think ill go with the first option, it about time to upgrade :). > > Genadi. > > 2015-02-01 2:09 GMT+02:00 Dmitri Pal <[email protected]>: > >> On 01/31/2015 01:37 PM, Genadi Postrilko wrote: >> >> Hello all. >> >> The environment i'm currently working to migrate under IPA identity >> management contains mostly RHEL 6.2 servers. >> I'm planing to use Active Directory Cross Forest Trust for Identities, IPA >> as sudo provider, and all the other goodies that IPA provides. >> >> If i want to enjoy all the new features (at least most of them), i know >> that clients have to be sssd version > 1.9. And if i want IPA to be auto >> configured as sudo provider it has to be sssd > 1.11. >> >> When reading the mailing list i noticed that sssd 1.11 is mentioned as >> feature of rhel 6.6. >> What i would like and understand is what could go wrong if i will install >> sssd 1.11 on rhel 6.2 servers.And what is is your general recommendations >> for older RHEL 6 (minor) releases? >> >> >> It will pull a lot of dependencies and most of your system will look like >> 6.6 system >> Also the upgrade like this might reveal some issues as the upgrades are >> expected to be gradual. 1-2 versions is ok but 4 is quit a big leap. >> >> Overall it is a bit risky to do it. >> You have three options: >> - upgrade properly but probably in two steps 6.2 -> 6.4 -> 6.6 >> - use SSSD from 6.2 as is for now. It will have limited functionality but >> can leverage AD users from the trust. You would need to configure SSSD to >> use LDAP for authentication and point to compat tree of IPA to take >> advantage of the trust. See details here: >> http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf >> - take your chances and try a hybrid you propose but it is not a formally >> supported configuration. >> >> >> Thanks in advance, >> Genadi. >> >> >> >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go To http://freeipa.org for more info on the project >> > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
