Hi, please refer to the chapter *8.1.2. Overriding the Default Trust View with Other ID Views* [1] from *Windows Integration Guide*:
----- 8< ----- If another ID view applied to the host overrides the attribute values in the Default Trust View, IdM applies the values from the host-specific ID view on top of the Default Trust View. - If an attribute is defined in the host-specific ID view, IdM applies the value from this view. - If an attribute is not defined in the host-specific ID view, IdM applies the value from the Default Trust View. The Default Trust View is always applied to IdM servers and replicas as well as to AD users and groups. You cannot assign a different ID view to them: they always apply the values from the Default Trust View. ----- >8 ----- Please note also that the additional ID views can apply only to IdM clients, not to the servers. See the note in *Chapter 18. ID Views* [2] of *Linux Domain Identity, Authentication, and Policy Guide*: ----- 8< ----- *Important* You can apply ID views only to IdM clients, not to IdM servers. ----- >8 ----- Hope this clarifies, flo [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/id-views#overriding-the-default-trust-view-with-other-id-views [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/id-views On Thu, Jul 8, 2021 at 4:53 PM iulian roman via FreeIPA-users < [email protected]> wrote: > Hello, > > Due to the fact that I have some issues with ID views and different sssd > versions, I tried a different approach. I created a second ID view , where > I do override some users only for a group of systems. The override in the > second id view (both for users and groups) is different that the one in the > main Default Trust View. > Is that supported , because as far as I can see on the IPA server, it > still uses the main ID view when it does the query instead of the second ID > view I created , although on the client I can see that the query is on the > second ID view ? How will the cache on the ipa client and ipa server get in > sync ? > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
