On 05/12/2015 10:48 PM, Gould, Joshua wrote:
> Hopefully I¹m missing something simple.
> 
> For an IPA user:
> $ ldapsearch -x ³(&(uid=ipa_user)(objectclass=posixAccount))² -b
> dc=ipa,dc=example,dc=com
> 
> This returns a match.
> 
> For an AD user:
> $ ldapsearch -x ³(&(uid=ad_user)(objectclass=posixAccount))² -b
> cn=compat,dc=ipa,dc=example,dc=com
> 
> Does not return any matches.
> 
> I verified that all my IPA servers have the compatibility plugin enabled.
> 
> # ipa-compat-manage status
> Directory Manager password:
> 
> Plugin Enabled
> #

I may be asking the obvious, but "ad_user" is fully qualified, right? I.e.
adu...@my.ad.domain.test?

Testing the log in on the server system as Dmitri advised is also a good test
to make.

> 
> 
> On 5/12/15, 2:14 PM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:
> 
>> Can you configure SSSD on RHEL5 clients? A simple LDAP provider with a
>> base cn=compat,dc=ipa,dc=example,dc=com.
>>
>> Simple ldapsearch needs to include proper filter, like what SSSD or
>> nss_ldap are using. slapi-nis is programmed to specifically respond to
>> their queries, not to any request over compat tree.
>>
>> If you want to check from the command line, use a filter like
>>
>> (&(uid=AD_user)(objectclass=posixaccount))
>>
>>
>> -- 
>> / Alexander Bokovoy
> 
> [(&(uid=goul09)(objectclass=posixAccount))][cn=accounts,dc=unix,dc=osumc,dc
> =edu]
>>
> 
> 
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to