On ti, 24 loka 2017, Steve Dainard via FreeIPA-users wrote:

I'm running a cross-forest trust with RHEL 7 IPA (60 day trial), when I do
an ldapsearch on the AD user against the IPA server I get very few

It seems like the sssd option 'ldap_user_extras_attrs' should fetch
additional attributes but I can't seem to get any results. I'm also
confused which section this option should be added to on IPA server
sssd.conf. I've tried:

ldap_user_extras_attrs = givenname, sn, displayname

ldap_user_extras_attrs = givenname, sn, displayname

ldap_user_extras_attrs = givenname, sn, displayname

Of note, I didn't include the 'mail' attribute as a value above as I read a
post that said IPA should pull this attribute automatically but I'm not
seeing it either when doing an ldapsearch. Maybe this points to a bigger
Yes, a problem of misunderstanding what piece is used for. ;)

SSSD retrieval of extended attributes is used by SSSD info pipe
interface which is available over DBus. There are applications like
Apache or nginx plugins that consume this interface. Schema
compatibility plugin in FreeIPA LDAP server (slapi-nis) is not using
this API and thus is not providing this information in records you see
in 'cn=compat,$SUFFIX' subtree.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to