[Freeipa-users] ldapsearch for AD users

Martin Babinsky mbabinsk at redhat.com
Wed Feb 22 06:49:47 UTC 2017


On 02/21/2017 09:10 PM, Hanoz Elavia wrote:
> Hello,
>
> I've got the FreeIPA server with AD trust (Server 2008 R2) setup and
> running. I can login successfully on linux clients using AD credentials.
> I'm now trying to set up my Isilon storage appliance with mixed mode file
> sharing.
>
> The filer has joined the AD so it provides Windows users access to the
> files. However, being a legacy client, it uses simple bind to query ldap
> for uid and gid. I was able to set up FreeIPA as the ldap server but it
> doesn't seem to return the uid and gid for AD objects.
>
> The query my storage is using is as follows:
>
> ldapsearch -x -W -z 10 -H ldap://ipa.server.com
> -b 'cn=compat,dc=ipa,dc=server,dc=com' -D
> 'uid=binduser,cn=users,cn=accounts,dc=ipa,dc=server,dc=com'
> '(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=nisNetgroup)(objectClass=person))'
>
> The following command will obtain all the IDs for the native FreeIPA
> users / groups but doesn't return any results for AD users. Is there a way
> to get this done? I can't install any clients on the Isilon as it uses a
> BSD based proprietary software. I can manually map FreeIPA assigned uids
> / gids but that's tedious and error prone. Any help would be appreciated.
>
> Regards,
>
> H.
>
>

Hi Hanoz,

please bear in mind that in an AD trust scenario the AD users are *not*
stored on the IPA server, so you have to query the AD DC directly for AD
user attributes.

-- 
Martin^3 Babinsky
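As an added illustration, not code from the thread: a small Python script that parses the LDIF returned by the two searches the reply implies, the IPA compat tree for native users and the AD DC for AD user attributes, merges them into one uid/gid map and reports which AD accounts still lack uidNumber/gidNumber. All DNs, hostnames and user entries are constructed sample data.

```python
# Added example, not from the thread: merge LDIF output of the IPA compat
# tree and of an AD DC into one uid -> (uidNumber, gidNumber) map.
# All DNs, hostnames and accounts below are constructed sample data.
def parse_ldif(text):
    """Return one {attr: [values]} dict per LDIF entry (attrs lower-cased)."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():            # blank line ends an entry
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, val = line.partition(": ")
        cur.setdefault(attr.lower(), []).append(val)
    if cur:
        entries.append(cur)
    return entries

def posix_ids(entries, name_attr):
    """Map name_attr -> (uidNumber, gidNumber) for entries carrying both IDs."""
    return {e[name_attr][0]: (int(e["uidnumber"][0]), int(e["gidnumber"][0]))
            for e in entries
            if name_attr in e and "uidnumber" in e and "gidnumber" in e}

# What the filer's query against cn=compat returns: native IPA users only.
IPA_COMPAT_LDIF = """\
dn: uid=alice,cn=users,cn=compat,dc=ipa,dc=server,dc=com
objectClass: posixAccount
uid: alice
uidNumber: 1001
gidNumber: 1001
"""
# What a search of the AD DC returns; carol has no POSIX attributes set.
AD_LDIF = """\
dn: CN=bob,CN=Users,DC=ad,DC=example,DC=com
sAMAccountName: bob
uidNumber: 20001
gidNumber: 20001

dn: CN=carol,CN=Users,DC=ad,DC=example,DC=com
sAMAccountName: carol
"""

def merged_ids(ipa_ldif=IPA_COMPAT_LDIF, ad_ldif=AD_LDIF):
    """Return (uid -> ids, AD accounts that still lack uidNumber/gidNumber)."""
    ipa = posix_ids(parse_ldif(ipa_ldif), "uid")
    ad_entries = parse_ldif(ad_ldif)
    ad = posix_ids(ad_entries, "samaccountname")
    missing = sorted(n for e in ad_entries for n in e.get("samaccountname", []) if n not in ad)
    return {**ad, **ipa}, missing
```

The parser is deliberately minimal: base64-encoded (`::`) values and wrapped continuation lines are not handled, so feed it `ldapsearch` output with `-o ldif-wrap=no` where possible.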