[Freeipa-users] ldapsearch for AD users
Hanoz Elavia
h.elavia at atomiccartoons.com
Wed Feb 22 15:05:22 UTC 2017
Thanks guys,
I think there might be a way to modify the LDAP query. I'm speaking to the
EMC / Dell support personnel today to see what can be done.
Regards,
Hanoz
*Hanoz Elavia |* IT Manager
*O:* 604-734-2866 *|* *www.atomiccartoons.com
<http://www.atomiccartoons.com>*
112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6
On Wed, Feb 22, 2017 at 6:50 AM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> On ke, 22 helmi 2017, Jason B. Nance wrote:
>
>> There is none. Compat tree is built with RFC2307 queries in mind.
>>> RFC2307 clients issue a request with a specific user or group name and
>>> that triggers lookup of AD user/group through SSSD and insertion into
>>> the compat tree. A part of the trigger is how LDAP filter is built (see
>>> RFC for those). If your software does not use the same filter, you
>>> wouldn't get a response.
>>>
>>
>> Are you saying that there is an LDAP query you can use to retrieve the
>> UID/GID of a user/group that is known via an AD trust as long as the
>> filter is correct? I ran into this same situation (with a storage
>> appliance) and thought that the problem was that the UIDs/GIDs were
>> calculated but never stored, but I hadn't stopped to think about how
>> whether sssd (on the local machine) retrieves them from FreeIPA or does
>> the calculation.
>>
> Read https://pagure.io/slapi-nis/blob/master/f/doc/ipa/sch-ipa.txt
>
>
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170222/c9238ed4/attachment.htm>
More information about the Freeipa-users
mailing list