[Freeipa-users] AD Trust & LDAP Compat mode w/ RHEL5/AIX
Gould, Joshua
Joshua.Gould at osumc.edu
Tue May 12 20:48:30 UTC 2015
Hopefully I¹m missing something simple.
For an IPA user:
$ ldapsearch -x ³(&(uid=ipa_user)(objectclass=posixAccount))² -b
dc=ipa,dc=example,dc=com
This returns a match.
For an AD user:
$ ldapsearch -x ³(&(uid=ad_user)(objectclass=posixAccount))² -b
cn=compat,dc=ipa,dc=example,dc=com
Does not return any matches.
I verified that all my IPA servers have the compatibility plugin enabled.
# ipa-compat-manage status
Directory Manager password:
Plugin Enabled
#
On 5/12/15, 2:14 PM, "Alexander Bokovoy" <abokovoy at redhat.com> wrote:
>Can you configure SSSD on RHEL5 clients? A simple LDAP provider with a
>base cn=compat,dc=ipa,dc=example,dc=com.
>
>Simple ldapsearch needs to include proper filter, like what SSSD or
>nss_ldap are using. slapi-nis is programmed to specifically respond to
>their queries, not to any request over compat tree.
>
>If you want to check from the command line, use a filter like
>
> (&(uid=AD_user)(objectclass=posixaccount))
>
>
>--
>/ Alexander Bokovoy
[(&(uid=goul09)(objectclass=posixAccount))][cn=accounts,dc=unix,dc=osumc,dc
=edu]
>
More information about the Freeipa-users
mailing list