On (25/08/14 14:12), Rowland Penny wrote:
On 25/08/14 13:44, Andre Pitanga wrote:
Hi Rowland,
You cannot have a 'user' object and a 'group' object with the same name,
I know that, that's what I pose in my original post if you read it. The sAMAccountName has to be unique, but this doesn't seem to apply to disply name, for example.
Yes, I did read it, so 'display name' doesn't have to be unique, so what, does anything actually use this attribute in authentication ?
further more, the example you give is a 'local unix' user and should not be put into AD. If you did put them into AD, you would have to remove them from /etc/passwd and if the domain went down for some reason, you would have NO USERS at all.
So what? Does sssd not provide local credentials caching? Isn't AD fault-tolerant/ highly-available across several hosts? Housing Linux "service accounts" in AD is a very common practice.
Yes, sssd does provide caching, but what happens if the cache gets corrupt ?
This should never happen. If you see corrupted cache please report immediatelly. I am not aware of any bug with corupted cache.
LS