[Freeipa-users] IPA + AD Integration - Auditor wants verification of integration

Sumit Bose sbose at redhat.com
Wed Jun 25 13:01:50 UTC 2014


On Wed, Jun 25, 2014 at 08:36:49AM -0400, Mark Gardner wrote:
> Since this information isn't in the Web Interface.
> How do I find query the IPA LDAP server to prove that IPA is talking to
> our AD server in order to get identity and authorization information.
> 
> Yes we know we've established a trust for our linux subdomain.  But there's
> nothing that I can find that says it's our AD server.

Trust is not about trusting a server but trusting the whole forest. So
we are not connecting to a specific AD server but use DNS SRV records to
find all the DCs in your forest/domain and pick one. This is why you
only see information about the trusted domain and not about AD servers
in the Web UI.

To verify to which AD server SSSD is talking (SSSD is used by recent
versions of IPA to get the user and group data from AD) you can e.g. call

netstat -danpt | grep sssd

As an alternative you can run SSSD with debug_level 7 or higher and look
for 'New LDAP connection to' messages in the logs.

HTH

bye,
Sumit
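
For audit evidence, the log-based check described in the reply above can be summarised per server. This is an added example, not part of the original message or of SSSD; it assumes the server URI follows the message in square brackets, and the sample log lines and host names are constructed.

```shell
#!/bin/sh
# Summarise which LDAP servers SSSD opened connections to, from SSSD logs
# written with debug_level 7 or higher.
#
# Assumption: the server URI follows the message in square brackets, as in
#   New LDAP connection to [ldap://host:389/...]
# Only the phrase 'New LDAP connection to' is taken from the thread.

# Constructed sample log lines (not captured from a real system).
sample_log() {
cat <<'EOF'
(Wed Jun 25 12:58:01 2014) [sssd[be[ipa.example.test]]] [hypothetical_fn] (0x0400): New LDAP connection to [ldap://dc1.ad.example.test:389/??base] with fd [23].
(Wed Jun 25 12:58:02 2014) [sssd[be[ipa.example.test]]] [hypothetical_fn] (0x0400): Some unrelated debug message.
(Wed Jun 25 12:59:10 2014) [sssd[be[ipa.example.test]]] [hypothetical_fn] (0x0400): New LDAP connection to [ldap://dc2.ad.example.test:389/??base] with fd [24].
(Wed Jun 25 13:00:45 2014) [sssd[be[ipa.example.test]]] [hypothetical_fn] (0x0400): New LDAP connection to [ldap://dc1.ad.example.test:389/??base] with fd [25].
EOF
}

# ldap_peers: read SSSD log text on stdin and print "count host:port" for
# each distinct server, most-contacted first, ties ordered by host name.
ldap_peers() {
    awk '
    /New LDAP connection to \[/ {
        s = $0
        sub(".*New LDAP connection to \\[", "", s)  # keep text after the opening bracket
        sub("\\].*", "", s)                         # cut at the closing bracket
        sub("^[a-z]+://", "", s)                    # drop the URI scheme
        sub("[/?].*", "", s)                        # drop any path or query part
        if (s != "") seen[s]++
    }
    END { for (h in seen) print seen[h], h }
    ' | sort -k1,1nr -k2,2
}

# When log files are given as arguments, summarise them.
if [ "$#" -gt 0 ]; then
    cat -- "$@" | ldap_peers
fi
```

The host names in the summary can then be compared with the domain controllers that the trusted domain's DNS SRV records publish.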
