[Freeipa-users] Question for AD trust and Webservices

[Dmitri Pal]

On 06/26/2015 11:26 PM, Alexander Bokovoy wrote:
>
> ----- Original Message -----
>> On 06/23/2015 03:02 PM, Alexander Bokovoy wrote:
>>> On Tue, 23 Jun 2015, Dmitri Pal wrote:
>>>> On 06/17/2015 09:56 AM, Alexander Bokovoy wrote:
>>>>> On Wed, 17 Jun 2015, Henry Hofmann wrote:
>>>>>> Ok, how can I configure the map of source attributes (mail or any
>>>>>> other) to compat tree?
>>>>> Go back in archives in this list and read discussions about "Single
>>>>> mail
>>>>> deployment in an FreeIPA-WindowsAD scenario". TLDR; not possible in the
>>>>> compat tree as of right now.
>>>>>
>>>> Do we have a ticket for this?
>>> No and I don't think it will be possible. slapi-nis is read-only view,
>>> it needs to get these attributes from somewhere. Storing values for
>>> specialized schema in ID overrides is probably going to be too much --
>>> how these source attributes to be managed? In the case of 'single mail'
>>> it would need to be Kolab applications which would need to update such
>>> attributes, how Kolab would do that?
>>>
>>> Enabling slapi-nis to be writeable is going to break a lot and in
>>> general would not be possible.
>> I am missing something. Where the Kolab and writability are coming from?
>> The thread was about allowing email as an extra attribute in the compat
>> tree.
>> There is nothing about writiability.
> See https://docs.kolab.org/architecture-and-design/ldap.html, kolabd handles all modifications to LDAP triggered by other interfaces, including but not limited to the web UI.
> A whole list of attributes that may appear in LDAP for Kolab entries is here:
> https://git.kolab.org/diffusion/KS/browse/master/kolab3.schema
Sure but was the request in this thread driven by Kolab? I have not seen 
that in any of the emails.
Why we assume that it is because of Kolab?

-- 
Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.