[Freeipa-users] external ad users in ldap directory is it possible in general?
Sumit Bose
sbose at redhat.com
Mon Jun 6 16:10:40 UTC 2016
On Mon, Jun 06, 2016 at 06:26:43PM +0300, Serge Krawczenko wrote:
> Hello,
> My apologies if the question is asked too frequently.
>
> While implementing an SSO in my environment, I have a need to integrate
> with existing AD Win2008R2.
> The systems I need to be included into SSO can only authorize via LDAP,
> many of them have been already configured and tested against FreeIPA and
> local users. Those systems are apache, jira, radius and so on.
>
> However, how is it applicable for external users from Windows AD?
> Trusted relations have been configured according to manual.
>
> As stated in FreeIPA 4.3 release notes,
>
> "AD users are now shown as members of IPA groups when external group is
> added to IPA group #4403"
>
> So I expect external users to be visible by ldapsearch etc. on FreeIPA upon
> corresponding groups mapping. Well, no. Users are not visible.

What does your ldapsearch command look like? Are you searching in the
compat tree 'cn=compat,dc=your,dc=ipa,dc=domain'? Do you have slapi-nis
enabled?

HTH

bye,
Sumit

>
> Please advise: is this achievable at all, or do I have some fundamental
> misunderstanding of the technology, or is there some misconfiguration?
>
> Thanks a lot.