Hopefully I¹m missing something simple. For an IPA user: $ ldapsearch -x ³(&(uid=ipa_user)(objectclass=posixAccount))² -b dc=ipa,dc=example,dc=com
This returns a match. For an AD user: $ ldapsearch -x ³(&(uid=ad_user)(objectclass=posixAccount))² -b cn=compat,dc=ipa,dc=example,dc=com Does not return any matches. I verified that all my IPA servers have the compatibility plugin enabled. # ipa-compat-manage status Directory Manager password: Plugin Enabled # On 5/12/15, 2:14 PM, "Alexander Bokovoy" <aboko...@redhat.com> wrote: >Can you configure SSSD on RHEL5 clients? A simple LDAP provider with a >base cn=compat,dc=ipa,dc=example,dc=com. > >Simple ldapsearch needs to include proper filter, like what SSSD or >nss_ldap are using. slapi-nis is programmed to specifically respond to >their queries, not to any request over compat tree. > >If you want to check from the command line, use a filter like > > (&(uid=AD_user)(objectclass=posixaccount)) > > >-- >/ Alexander Bokovoy [(&(uid=goul09)(objectclass=posixAccount))][cn=accounts,dc=unix,dc=osumc,dc =edu] > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
