Hopefully I¹m missing something simple.

For an IPA user:
$ ldapsearch -x ³(&(uid=ipa_user)(objectclass=posixAccount))² -b

This returns a match.

For an AD user:
$ ldapsearch -x ³(&(uid=ad_user)(objectclass=posixAccount))² -b

Does not return any matches.

I verified that all my IPA servers have the compatibility plugin enabled.

# ipa-compat-manage status
Directory Manager password:

Plugin Enabled

On 5/12/15, 2:14 PM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:

>Can you configure SSSD on RHEL5 clients? A simple LDAP provider with a
>base cn=compat,dc=ipa,dc=example,dc=com.
>Simple ldapsearch needs to include proper filter, like what SSSD or
>nss_ldap are using. slapi-nis is programmed to specifically respond to
>their queries, not to any request over compat tree.
>If you want to check from the command line, use a filter like
> (&(uid=AD_user)(objectclass=posixaccount))
>/ Alexander Bokovoy


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to