On Mon, Jun 06, 2016 at 06:26:43PM +0300, Serge Krawczenko wrote:
> Hello,
> my apologies if the question is  asked too frequently
> 
> While implementing an SSO in my environment, i have a need to integrate
> with existing AD Win2008R2.
> The systems i need to be included into SSO can only authorize via LDAP,
> many of them have been already configured and tested against FreeIPA and
> local users. Those systems are apache, jira, radius and so.
> 
> However, how is it applicable for external users from windows AD?
> Trusted relations have been configured according to manual.
> 
> As stated in FreeIPA 4.3 release notes,
> 
> "AD users are now shown as members of IPA groups when external group is
> added to IPA group #4403"
> 
> So i expect external users to be visible by ldapsearch etc on FreeIPA upon
> corresponding groups mapping. Well, no. Users are not visible.

How does your ldapsearch command look like? Are you searching in the
compat tree 'cn=compat,dc=your,dc=ipa,dc=domain'? Do you have slapi-nis
enabled?

HTH

bye,
Sumit

> 
> Please advise is this achievable at all or do i have some fundamental
> misunderstanding of the technology or is there some misconfiguration?
> 
> Thanks a lot.

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to