<div dir="ltr"><div><div><div>Hey Alex,<br><br></div>Thanks, I ran ipa-compat-manage status and it shows Plugin enabled. I'll have a look at the link and see if we can change the query to obtain the info required.<br><br></div>Regards,<br><br></div>Hanoz<span id="gmail-password" class="gmail-"></span></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><b><span style="font-size:9.5pt;font-family:"times new roman","serif""><span style="color:rgb(255,0,0)"><img src="https://docs.google.com/a/atomiccartoons.com/uc?id=0BzG4iWi2gPgKc2FvTEJfQVN5VTQ&export=download" height="27" width="200"><br><span style="font-family:arial,helvetica,sans-serif"><font size="2">Hanoz Elavia</font></span></span><span style="font-family:arial,helvetica,sans-serif"><font size="2"><span style="color:rgb(95,95,95)"> </span><span style="color:rgb(64,64,64)">|</span></font></span></span></b><span style="font-family:arial,helvetica,sans-serif"><font size="2"><span style="color:rgb(64,64,64)"> IT Manager <br></span><b><span style="color:rgb(64,64,64)">O:</span></b><span style="color:rgb(64,64,64)"> <a href="tel:604-734-2866" value="+16047342866" target="_blank">604-734-2866</a> </span><span style="color:black"><b>|</b> </span><span style="color:black"><u><span><span style="color:black"></span><a href="http://www.atomiccartoons.com" target="_blank">www.atomiccartoons.com</a></span></u><br>112 West 6<sup>th</sup> Ave, Vancouver, BC, Canada, V5Y1K6</span></font></span></span></div></div></div></div></div></div></div></div></div></div></div></div></div> <br><div class="gmail_quote">On Wed, Feb 22, 2017 at 8:34 AM, Alexander Bokovoy <span dir="ltr"><<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On ke, 22 helmi 2017, Hanoz Elavia wrote:<br> </span><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Thanks Alex,<br> <br> Does it also means that I'll have to install the FreeIPA server with<br> --enable-compat ? I didn't do that.<br> </blockquote> <br></span> check ipa-compat-manage tool.<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> Regards,<br> <br> Hanoz<br> <br> <br> *Hanoz Elavia |* IT Manager<br> *O:* <a href="tel:604-734-2866" value="+16047342866" target="_blank">604-734-2866</a> *|* *<a href="http://www.atomiccartoons.com" rel="noreferrer" target="_blank">www.atomiccartoons.com</a><br> <<a href="http://www.atomiccartoons.com" rel="noreferrer" target="_blank">http://www.atomiccartoons.com</a><wbr>>*<span class=""><br> 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6<br> <br> On Wed, Feb 22, 2017 at 7:22 AM, Alexander Bokovoy <<a href="mailto:abokovoy@redhat.com" target="_blank">abokovoy@redhat.com</a>><br> wrote:<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On ke, 22 helmi 2017, Hanoz Elavia wrote:<br> <br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hey Alex,<br> <br> Thanks for the link, isn't RFC 2307 implemented as Services for Unix in<br> Windows 2008 R2? Apologies for not mentioning this earlier but I haven't<br> enabled that mainly because SSSD now maps the IDs. Also, in the newer<br> version of the Windows Server, SFU seems to have been discontinued.<br> <br> </blockquote> I think you are confused by the names. What Compat tree provides is an<br> interface on IPA side to look up identities of AD users and groups over<br> LDAP. Compat tree will do lookup through SSSD on your behalf. This means<br> we don't depend on how Windows side provides or does not provide<br> attributes.<br> Everything SSSD can resolve, can be returned, be it stored in AD LDAP,<br> generated by SSSD, or stored in ID overrides in IPA.<br> <br> But the query format is the one described in RFC 2307 because this is<br> what all nss implementations like nss_ldap or similar ones use in<br> UNIX-like environments. Windows Server is merely implementing the same<br> LDAP schema to allow interoperability with the same clients. Think of<br> Compat Tree in IPA as doing the same, just dynamically.<br> <br> <br> --<br> / Alexander Bokovoy<br> <br> </blockquote></span></blockquote><span class="HOEnZb"><font color="#888888"> <br> -- <br> / Alexander Bokovoy<br> </font></span></blockquote></div><br></div>