[Freeipa-users] User mapping between domains

Simpson Lachlan Lachlan.Simpson at petermac.org
Wed Feb 3 04:08:57 UTC 2016 

> -----Original Message-----
> From: Simpson Lachlan
> 
> and that via the ID Views Default Trust View the IPA server would:
>  - see that jsmith is "Smith Jane" in AD
>  - authenticate against "Smith Jane"'s AD password
>  - see that jsmith's uid now needs to be 1500 instead of 17890983
>  - see that jsmith's home should be /home/jsmith, creating this dir if it
>     doesn't exist
>  - see that jsmith's shell is /bin/bash

I should add:

 - how do I clear the SSSD cache on client hosts when details change upstream?
 - the documentation mentioned - http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust#How_to_Test - indicates that after applying an override via command line like:

ipa idoverrideuser-add 'Default Trust View' testuser at tbad.idm.lab.eng.brq.redhat.com  --uid 5555

we need to follow this up with a restart of SSSD.

I've not known this to be sufficient. I cannot give a "sufficient" way to make this override stick - "magic hand waving" that has worked for me includes: restarting SSSD twice, rebooting the IPA server, and sometimes it seems that after a <timeframe less than 20 minutes>.

Am I missing something?

Cheers
L.

Details:

Centos 7.2
 
sssd-common-1.13.0-40.el7_2.1.x86_64
sssd-ad-1.13.0-40.el7_2.1.x86_64
sssd-1.13.0-40.el7_2.1.x86_64
python-sssdconfig-1.13.0-40.el7_2.1.noarch
sssd-krb5-common-1.13.0-40.el7_2.1.x86_64
sssd-ipa-1.13.0-40.el7_2.1.x86_64
sssd-ldap-1.13.0-40.el7_2.1.x86_64
sssd-proxy-1.13.0-40.el7_2.1.x86_64
sssd-client-1.13.0-40.el7_2.1.x86_64
sssd-common-pac-1.13.0-40.el7_2.1.x86_64
sssd-krb5-1.13.0-40.el7_2.1.x86_64


cheers
L.
This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.

More information about the Freeipa-users mailing list