[Freeipa-users] Question regarding modifying attributes
Alexander Bokovoy
abokovoy at redhat.com
Wed Apr 27 20:00:42 UTC 2016
On Wed, 27 Apr 2016, Sullivan, Daniel [AAA] wrote:
>Hi,
>
>I have a trusted AD domain that I am enumerating object via IPA. I
>wanted to know if i should be able to manipulate the uidNumber and
>gidNumber stored in the default ID view via by using the ldapmodify
>command, for example, for this DN (not local):
>
>uid=user at domain.edu<mailto:uid=user at domain.edu>,cn=users,cn=compat,dc=ipatst,dc=cri,dc=uchicago,dc=edu
>
>Should it be possible to modify this via IPA’s LDAP implementation
>(using ldapmodify)? I appreciate you taking the time to answer my
>question.
No. The subtree in cn=compat,$SUFFIX is read-only and is generated every
time you restart LDAP server.
uid/gid in default ID View are managed via
idoverrideuser/idoverridegroup set of commands.
See 'ipa help idviews' for details.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list