[Freeipa-users] Question for AD trust and Webservices

[Alexander Bokovoy]

----- Original Message -----
> On 06/23/2015 03:02 PM, Alexander Bokovoy wrote:
> > On Tue, 23 Jun 2015, Dmitri Pal wrote:
> >> On 06/17/2015 09:56 AM, Alexander Bokovoy wrote:
> >>> On Wed, 17 Jun 2015, Henry Hofmann wrote:
> >>>> Ok, how can I configure the map of source attributes (mail or any
> >>>> other) to compat tree?
> >>> Go back in archives in this list and read discussions about "Single
> >>> mail
> >>> deployment in an FreeIPA-WindowsAD scenario". TLDR; not possible in the
> >>> compat tree as of right now.
> >>>
> >> Do we have a ticket for this?
> > No and I don't think it will be possible. slapi-nis is read-only view,
> > it needs to get these attributes from somewhere. Storing values for
> > specialized schema in ID overrides is probably going to be too much --
> > how these source attributes to be managed? In the case of 'single mail'
> > it would need to be Kolab applications which would need to update such
> > attributes, how Kolab would do that?
> >
> > Enabling slapi-nis to be writeable is going to break a lot and in
> > general would not be possible.
> I am missing something. Where the Kolab and writability are coming from?
> The thread was about allowing email as an extra attribute in the compat
> tree.
> There is nothing about writiability.
See https://docs.kolab.org/architecture-and-design/ldap.html, kolabd handles all modifications to LDAP triggered by other interfaces, including but not limited to the web UI.
A whole list of attributes that may appear in LDAP for Kolab entries is here:
https://git.kolab.org/diffusion/KS/browse/master/kolab3.schema
-- 
/ Alexander Bokovoy