[Freeipa-users] ldapsearch for AD users
Alexander Bokovoy
abokovoy at redhat.com
Wed Feb 22 14:50:55 UTC 2017
On ke, 22 helmi 2017, Jason B. Nance wrote:
>> There is none. Compat tree is built with RFC2307 queries in mind.
>> RFC2307 clients issue a request with a specific user or group name and
>> that triggers lookup of AD user/group through SSSD and insertion into
>> the compat tree. A part of the trigger is how LDAP filter is built (see
>> RFC for those). If your software does not use the same filter, you
>> wouldn't get a response.
>
>Are you saying that there is an LDAP query you can use to retrieve the
>UID/GID of a user/group that is known via an AD trust as long as the
>filter is correct? I ran into this same situation (with a storage
>appliance) and thought that the problem was that the UIDs/GIDs were
>calculated but never stored, but I hadn't stopped to think about how
>whether sssd (on the local machine) retrieves them from FreeIPA or does
>the calculation.
Read https://pagure.io/slapi-nis/blob/master/f/doc/ipa/sch-ipa.txt
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list