[Freeipa-users] ldapsearch for AD users

Hanoz Elavia h.elavia at atomiccartoons.com
Wed Feb 22 16:40:38 UTC 2017


Hey Alex,

Thanks, I ran ipa-compat-manage status and it shows Plugin enabled. I'll
have a look at the link and see if we can change the query to obtain the
info required.

Regards,

Hanoz


*Hanoz Elavia |*  IT Manager
*O:* 604-734-2866 *|*  *www.atomiccartoons.com
<http://www.atomiccartoons.com>*
112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6

On Wed, Feb 22, 2017 at 8:34 AM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:

> On Wed, 22 Feb 2017, Hanoz Elavia wrote:
>
>> Thanks Alex,
>>
>> Does it also mean that I'll have to install the FreeIPA server with
>> --enable-compat? I didn't do that.
>>
>
> Check the ipa-compat-manage tool.
>
>
>> Regards,
>>
>> Hanoz
>>
>>
>> *Hanoz Elavia |*  IT Manager
>> *O:* 604-734-2866 *|*  *www.atomiccartoons.com
>> <http://www.atomiccartoons.com>*
>> 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6
>>
>> On Wed, Feb 22, 2017 at 7:22 AM, Alexander Bokovoy <abokovoy at redhat.com>
>> wrote:
>>
>>> On Wed, 22 Feb 2017, Hanoz Elavia wrote:
>>>
>>>> Hey Alex,
>>>>
>>>> Thanks for the link, isn't RFC 2307 implemented as Services for Unix in
>>>> Windows 2008 R2? Apologies for not mentioning this earlier but I haven't
>>>> enabled that mainly because SSSD now maps the IDs. Also, in the newer
>>>> version of the Windows Server, SFU seems to have been discontinued.
>>>>
>>> I think you are confused by the names. What Compat tree provides is an
>>> interface on IPA side to look up identities of AD users and groups over
>>> LDAP. Compat tree will do lookup through SSSD on your behalf. This means
>>> we don't depend on how Windows side provides or does not provide
>>> attributes.
>>> Everything SSSD can resolve, can be returned, be it stored in AD LDAP,
>>> generated by SSSD, or stored in ID overrides in IPA.
>>>
>>> But the query format is the one described in RFC 2307 because this is
>>> what all nss implementations like nss_ldap or similar ones use in
>>> UNIX-like environments. Windows Server is merely implementing the same
>>> LDAP schema to allow interoperability with the same clients. Think of
>>> Compat Tree in IPA as doing the same, just dynamically.
>>>
>>>
>>> --
>>> / Alexander Bokovoy
>>>
>>>
> --
> / Alexander Bokovoy
>
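
Added example, not part of the original thread: a sketch of the RFC 2307-style lookup described above, issued against the compat tree. It assumes the default FreeIPA layout `cn=users,cn=compat,<suffix>` and a fully qualified AD user name in `uid`; host, domain and user names are constructed, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: build an RFC 2307 (posixAccount) lookup for an AD user
# against the IPA compat tree. All names below are constructed placeholders.

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# a user-supplied name cannot widen the filter: \ * ( ) -> \5c \2a \28 \29.
# The backslash is handled first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Turn an IPA DNS domain into its LDAP suffix: example.test -> dc=example,dc=test
suffix_from_domain() {
    printf 'dc=%s' "$1" | sed 's/\./,dc=/g'
}

# Search base for users in the compat tree (assumed default layout).
compat_user_base() {
    printf 'cn=users,cn=compat,%s' "$(suffix_from_domain "$1")"
}

# RFC 2307 filter of the kind nss_ldap-style clients send for a user lookup.
compat_user_filter() {
    printf '(&(objectClass=posixAccount)(uid=%s))' "$(ldap_escape "$1")"
}

# Run the lookup: $1 = IPA server, $2 = IPA domain, $3 = AD user (user@ad.domain).
# The compat tree resolves the name through SSSD on the IPA server, so the
# returned attributes do not depend on what AD itself stores.
lookup_ad_user() {
    ldapsearch -x -H "ldap://$1" \
        -b "$(compat_user_base "$2")" \
        "$(compat_user_filter "$3")" \
        uid uidNumber gidNumber homeDirectory loginShell
}

# Example call (constructed names, not run here):
#   lookup_ad_user ipa.example.test example.test 'jdoe@ad.example.test'
```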