[Freeipa-users] ldapsearch for AD users
Jason B. Nance
jason at tresgeek.net
Wed Feb 22 14:32:59 UTC 2017
> There is none. Compat tree is built with RFC2307 queries in mind.
> RFC2307 clients issue a request with a specific user or group name and
> that triggers lookup of AD user/group through SSSD and insertion into
> the compat tree. A part of the trigger is how LDAP filter is built (see
> RFC for those). If your software does not use the same filter, you
> wouldn't get a response.
Are you saying that there is an LDAP query you can use to retrieve the UID/GID of a user/group that is known via an AD trust as long as the filter is correct? I ran into this same situation (with a storage appliance) and thought that the problem was that the UIDs/GIDs were calculated but never stored, but I hadn't stopped to think about how whether sssd (on the local machine) retrieves them from FreeIPA or does the calculation.
More information about the Freeipa-users
mailing list