[Freeipa-users] User mapping between domains
Simpson Lachlan
Lachlan.Simpson at petermac.org
Wed Feb 3 04:08:57 UTC 2016
> -----Original Message-----
> From: Simpson Lachlan
>
> and that via the ID Views Default Trust View the IPA server would:
> - see that jsmith is "Smith Jane" in AD
> - authenticate against "Smith Jane"'s AD password
> - see that jsmith's uid now needs to be 1500 instead of 17890983
> - see that jsmith's home should be /home/jsmith, creating this dir if it
> doesn't exist
> - see that jsmith's shell is /bin/bash
I should add:
- how do I clear the SSSD cache on client hosts when details change upstream?
- the documentation mentioned - http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust#How_to_Test - indicates that after applying an override via command line like:
ipa idoverrideuser-add 'Default Trust View' testuser at tbad.idm.lab.eng.brq.redhat.com --uid 5555
we need to follow this up with a restart of SSSD.
I've not known this to be sufficient. I cannot give a "sufficient" way to make this override stick - "magic hand waving" that has worked for me includes: restarting SSSD twice, rebooting the IPA server, and sometimes it seems that after a <timeframe less than 20 minutes>.
Am I missing something?
Cheers
L.
Details:
Centos 7.2
sssd-common-1.13.0-40.el7_2.1.x86_64
sssd-ad-1.13.0-40.el7_2.1.x86_64
sssd-1.13.0-40.el7_2.1.x86_64
python-sssdconfig-1.13.0-40.el7_2.1.noarch
sssd-krb5-common-1.13.0-40.el7_2.1.x86_64
sssd-ipa-1.13.0-40.el7_2.1.x86_64
sssd-ldap-1.13.0-40.el7_2.1.x86_64
sssd-proxy-1.13.0-40.el7_2.1.x86_64
sssd-client-1.13.0-40.el7_2.1.x86_64
sssd-common-pac-1.13.0-40.el7_2.1.x86_64
sssd-krb5-1.13.0-40.el7_2.1.x86_64
cheers
L.
This email (including any attachments or links) may contain
confidential and/or legally privileged information and is
intended only to be read or used by the addressee. If you
are not the intended addressee, any use, distribution,
disclosure or copying of this email is strictly
prohibited.
Confidentiality and legal privilege attached to this email
(including any attachments) are not waived or lost by
reason of its mistaken delivery to you.
If you have received this email in error, please delete it
and notify us immediately by telephone or email. Peter
MacCallum Cancer Centre provides no guarantee that this
transmission is free of virus or that it has not been
intercepted or altered and will not be liable for any delay
in its receipt.
More information about the Freeipa-users
mailing list