URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
jhrozek commented:
"""
* master:
* 070f22f896b909c140ed7598aed2393d61a834ae
* 3b89934e831fa4e575e398fee6e4c3d4d24854eb
* sssd-1-16:
* 373b1136ccb3bf54f32d47473e8120d0258f8405
* f5d031ba4
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
jhrozek commented:
"""
Looks good and works fine. I'll add accepted once coverity finishes.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/813#issuecomment-494360132
___
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
sumit-bose commented:
"""
Hi,
the latest version include a second patch which takes care of the sub-domains.
The expected behavior is that the value of ldap_sasl_mech is inherited
automat
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
sumit-bose commented:
"""
> In multi-domain AD environment, the subdomains still use GSSAPI even though I
> specify SPNEGO for the joined domain. Specifying the mechanism for the
> subdoma
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
jhrozek commented:
"""
In multi-domain AD environment, the subdomains still use GSSAPI even though I
specify SPNEGO for the joined domain. Specifying the mechanism for the
subdomain works
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
simo5 commented:
"""
We changed GSS-SPNEGO incompatibly at some point, and 2.1.27 may actually be
that point.
We did change it because it didn't work as it should have (was not
interoperab
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
sumit-bose commented:
"""
> LGTM, would it make sense to have a followup where GSS-SPNEGO is made the
> default for the AD backend?
> GSS_SPNEGO is more efficient as it requires less roundt
URL: https://github.com/SSSD/sssd/pull/813
Title: #813: SDAP: allow GSS-SPNEGO for LDAP SASL bind as well
simo5 commented:
"""
LGTM, would it make sense to have a followup where GSS-SPNEGO is made the
default for the AD backend?
GSS_SPNEGO is more efficient as it requires less roundtrips.
"""