Again, thanks a lot Alexander! I will try this! Best,
Francis > On 8 Apr 2022, at 11:12, Alexander Bokovoy <[email protected]> wrote: > > On pe, 08 huhti 2022, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote: >> Hi, >> >> I wonder if there is a way to create an AD trust where users would >> maintain the uidNumber/gidNumber that are stored in AD. > > Yes. It is all documented in RHEL IdM documentation. > >> >> I read on an older question on the nakive forum that if the trust-add >> command finds users with uidNumbers, so those would be used. I tried, >> but a random id-range is created every time. >> >> Is there a smart way to actually preserve those uidNumbers from AD? > > I guess, you did not specify the type of the range? If type of range is > not specified, we attempt to search on the forest root domain for signs > of use of SFU information in AD LDAP at > CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,$BASEDN. > > If you have user domain somewhere else in the forest and users are not > part of the forest root domain, then this check will not find POSIX > identities. > > # ipa trust-add --help|grep range-type > --range-type=['ipa-ad-trust', 'ipa-ad-trust-posix'] > > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
