On Mon, 02 May 2016, Sullivan, Daniel [AAA] wrote:
Hi, Jakub,

Thank you for taking the time to reply to my email.  It is nice to know
that short names will be possible in 7.3.  Unfortunately this will not
address the problem we are trying to resolve; to make a long story
short we are working with a proprietary system called Isilon OneFS (a
scale out NAS platform made by EMC); we are aggregating records from
disparate authenticate sources into a single identity (the mapping
engine is proprietary).   The aggregation logic implemented matches
based on username.  So, we need the user (and group) names in their
short representation served up via either LDAP or NIS, not just via

It sounds like with 7.3 it might be possible to do this if we implement
a NIS server on a client running an SSSD client with id_provider=ipa.

One of the things we are struggling with is enumerating every object
(of either user or group class) of a foreign domain via querying IPA’s
LDAP server.  It is possible to explicitly query entries from remote
domain from my IPA instance via LDAP by querying for
username@f.q.d.n<mailto:username@f.q.d.n>, but it does not seem
possible to query for all user objects in a foreign domain by doing
something such as a wildcard search.  If it is possible to enumerate
all objects from a specific class from a foreign domain (i.e. force the
generation of anchor records), we be interested in the methodology
behind this.
I don't think it would be possible. That's a short answer and if you
want to discuss it, I'd hope someone from your team would be at SambaXP
next week where we could discuss it in more detail.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to