<div dir="ltr"><div><div><div>Thanks guys,<br><br></div>I think there might be a way to modify the LDAP query. I'm speaking to the EMC / Dell support personnel today to see what can be done.<br><br></div>Regards,<br><br></div>Hanoz<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><b><span style="font-size:9.5pt;font-family:"times new roman","serif""><span style="color:rgb(255,0,0)"><img src="https://docs.google.com/a/atomiccartoons.com/uc?id=0BzG4iWi2gPgKc2FvTEJfQVN5VTQ&export=download" height="27" width="200"><br><span style="font-family:arial,helvetica,sans-serif"><font size="2">Hanoz Elavia</font></span></span><span style="font-family:arial,helvetica,sans-serif"><font size="2"><span style="color:rgb(95,95,95)"> </span><span style="color:rgb(64,64,64)">|</span></font></span></span></b><span style="font-family:arial,helvetica,sans-serif"><font size="2"><span style="color:rgb(64,64,64)"> IT Manager <br></span><b><span style="color:rgb(64,64,64)">O:</span></b><span style="color:rgb(64,64,64)"> <a href="tel:604-734-2866" value="+16047342866" target="_blank">604-734-2866</a> </span><span style="color:black"><b>|</b> </span><span style="color:black"><u><span><span style="color:black"></span><a href="http://www.atomiccartoons.com" target="_blank">www.atomiccartoons.com</a></span></u><br>112 West 6<sup>th</sup> Ave, Vancouver, BC, Canada, V5Y1K6</span></font></span></span></div></div></div></div></div></div></div></div></div></div></div></div></div> <br><div class="gmail_quote">On Wed, Feb 22, 2017 at 6:50 AM, Alexander Bokovoy <span dir="ltr"><<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On ke, 22 helmi 2017, Jason B. Nance wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> There is none. Compat tree is built with RFC2307 queries in mind.<br> RFC2307 clients issue a request with a specific user or group name and<br> that triggers lookup of AD user/group through SSSD and insertion into<br> the compat tree. A part of the trigger is how LDAP filter is built (see<br> RFC for those). If your software does not use the same filter, you<br> wouldn't get a response.<br> </blockquote> <br> Are you saying that there is an LDAP query you can use to retrieve the<br> UID/GID of a user/group that is known via an AD trust as long as the<br> filter is correct? I ran into this same situation (with a storage<br> appliance) and thought that the problem was that the UIDs/GIDs were<br> calculated but never stored, but I hadn't stopped to think about how<br> whether sssd (on the local machine) retrieves them from FreeIPA or does<br> the calculation.<br> </blockquote></div></div> Read <a href="https://pagure.io/slapi-nis/blob/master/f/doc/ipa/sch-ipa.txt" rel="noreferrer" target="_blank">https://pagure.io/slapi-nis/bl<wbr>ob/master/f/doc/ipa/sch-ipa.tx<wbr>t</a><span class="HOEnZb"><font color="#888888"><br> <br> <br> <br> -- <br> / Alexander Bokovoy<br> </font></span></blockquote></div><br></div>