On pe, 01 joulu 2017, Lenhardt, Matthias wrote:
-----Urspr√ľngliche Nachricht-----
Von: Alexander Bokovoy [mailto:aboko...@redhat.com]
Gesendet: Donnerstag, 30. November 2017 17:40
An: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Lenhardt, Matthias <matthias.lenha...@bitmarck.de>
Betreff: Re: [Freeipa-users] Update of compat tree after change of AD user

On to, 30 marras 2017, Lenhardt, Matthias via FreeIPA-users wrote:
>any recommendations how to best update the compat tree after changes
>AD user attributes?
>We use IPA 4.5 with AD trust. After modification of a AD user
>attribute, e.g. loginShell, the compat tree doesn't get updated
>automatically and so the unix/linux can't enjoy his new shell.
>Accourding to Red Hat's knowledge base article
>https://access.redhat.com/solutions/1503713 the only way is to restart
>dirsrv ...
>Maybe there's a better way to achieve this.
Not right now. We are working on improvements, though. Hopefully, they'll
be in next RHEL update. I need to update Fedora packages too but as we
depend on somewhat newer SSSD functionality which is not released yet
(backports from git master are in Fedora as of last week), it was delayed.

Do you run RHEL or CentOS?

We are running RHEL 7.4 on IPA server. Clients are a mix of RHEL 7,
CentOS 7 and Solaris systems.

In principle I have no problem in refreshing dirsrv, if you say, this
is right at the moment the way to do this. Would it be enough to
restart only one of my two dirsrv services and the other one will be
refreshed through replication?
slapi-nis produces virtual entries on request so it is not really
related to replication. Sure, ID overrides get replicated but anything
under cn=compat,$SUFFIX is not.

You need to consider cn=compat,$SUFFIX on each server separately. --
/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to