On Mon, Jun 06, 2016 at 06:26:43PM +0300, Serge Krawczenko wrote:
> Hello,
> my apologies if the question is asked too frequently
>
> While implementing an SSO in my environment, I have a need to integrate
> with existing AD Win2008R2.
> The systems I need to be included into SSO can only authorize via LDAP,
> many of them have been already configured and tested against FreeIPA and
> local users. Those systems are Apache, Jira, RADIUS and so on.
>
> However, how is it applicable for external users from Windows AD?
> Trusted relations have been configured according to the manual.
>
> As stated in FreeIPA 4.3 release notes,
>
> "AD users are now shown as members of IPA groups when external group is
> added to IPA group #4403"
>
> So I expect external users to be visible by ldapsearch etc. on FreeIPA upon
> corresponding groups mapping. Well, no. Users are not visible.

What does your ldapsearch command look like? Are you searching in the compat
tree 'cn=compat,dc=your,dc=ipa,dc=domain'? Do you have slapi-nis enabled?

HTH

bye,
Sumit

>
> Please advise: is this achievable at all, or do I have some fundamental
> misunderstanding of the technology, or is there some misconfiguration?
>
> Thanks a lot.

> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project