Wow.. These sound like some amazing additions and enhancements, great work! keep up the good job guys! Aly <div class="gmail_quote">On Jul 19, 2013 5:57 PM, "Dmitri Pal" <<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hello, The FreeIPA team is happy to welcome you to a Fedora Test Day that is being held on Thursday, July 25th. We would like to invite you to take part in testing of the upcoming FreeIPA 3.3 release containing 2 major improvements for easier deployment of FreeIPA Active Directory Trust feature to existing environments: 1) Use POSIX attributes defined in Active Directory [1] With previous FreeIPA releases, users coming from Active Directory to FreeIPA managed machines were always assigned POSIX attributes (UID and GID) by algorithmic mapping. However, in some deployments, Active Directory users and groups already have defined custom POSIX attribute values (UID and GID), which may then be leveraged on Linux machines via other 3rd party Active Directory integration solutions. Administrator may choose to keep the values to not disrupt file ownerships. With FreeIPA 3.3, FreeIPA Active Directory Trust may be configured to use these attributes when Active Directory user authenticates to Linux machines. 2) Expose POSIX data on legacy systems without recent SSSD Administrators may have a deployment of machines which cannot use the recent SSSD with Active Directory Trust support but would still like to be able to authenticate with Active Directory user to these machines. This may affect for example older Linux machines, UNIX machines. With FreeIPA 3.3, Administrator may configure a compatibility LDAP tree which will contain identities of the Active Directory users to the legacy systems. These systems may then leverage standard LDAP authentication in this tree allowing selected Active Directory users to authenticate. To read more about the Test Day and suggested tests, see the following link: <a href="https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients" target="_blank">https://fedoraproject.org/wiki/Test_Day:2013-07-25_AD_trusts_with_POSIX_attributes_in_AD_and_support_for_old_clients</a> Thank you for your help and participation! The FreeIPA team [1] <a href="http://www.freeipa.org/page/V3/Use_posix_attributes_defined_in_AD" target="_blank">http://www.freeipa.org/page/V3/Use_posix_attributes_defined_in_AD</a> [2] <a href="http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts" target="_blank">http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts</a> [IdM | IPA] FAQs: <a href="https://url.corp.redhat.com/idm-faq" target="_blank">https://url.corp.redhat.com/idm-faq</a> Identity Management SME Team on Docspace <a href="https://url.corp.redhat.com/sme-idm" target="_blank">https://url.corp.redhat.com/sme-idm</a> Search the archives: <a href="http://post-office.corp.redhat.com/mailman/listinfo/idm-tech" target="_blank">post-office.corp.redhat.com/mailman/listinfo/idm-tech</a> _______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </blockquote></div>