On 05/12/2015 10:48 PM, Gould, Joshua wrote:
> Hopefully I'm missing something simple.
>
> For an IPA user:
> $ ldapsearch -x "(&(uid=ipa_user)(objectclass=posixAccount))" -b dc=ipa,dc=example,dc=com
>
> This returns a match.
>
> For an AD user:
> $ ldapsearch -x "(&(uid=ad_user)(objectclass=posixAccount))" -b cn=compat,dc=ipa,dc=example,dc=com
>
> Does not return any matches.
>
> I verified that all my IPA servers have the compatibility plugin enabled.
>
> # ipa-compat-manage status
> Directory Manager password:
>
> Plugin Enabled
> #

I may be asking the obvious, but "ad_user" is fully qualified, right? I.e. [email protected]? Testing the log in on the server system as Dmitri advised is also a good test to make.

> On 5/12/15, 2:14 PM, "Alexander Bokovoy" <[email protected]> wrote:
>
>> Can you configure SSSD on RHEL5 clients? A simple LDAP provider with a
>> base cn=compat,dc=ipa,dc=example,dc=com.
>>
>> Simple ldapsearch needs to include proper filter, like what SSSD or
>> nss_ldap are using. slapi-nis is programmed to specifically respond to
>> their queries, not to any request over compat tree.
>>
>> If you want to check from the command line, use a filter like
>>
>> (&(uid=AD_user)(objectclass=posixaccount))
>>
>>
>> --
>> / Alexander Bokovoy
>
> [(&(uid=goul09)(objectclass=posixAccount))][cn=accounts,dc=unix,dc=osumc,dc=edu]
