Hi Sumit

----- On Jan 11, 2017, at 12:51 PM, Sumit Bose [email protected] wrote:

> I guess this is because the last update on one server was done with data
> from LDAP while the other used data from the Global Catalog. In general
> missing data in the GC should not remove the data read from LDAP, there
> is already https://fedorahosted.org/sssd/ticket/2474 to track this.

As always, looks spot on, and explains what we saw.

> We plan to allow to configure sub-domains individually in one of the
> next releases, see https://fedorahosted.org/sssd/ticket/2599 .
>
> In the meantime you might want to try id-overrides for users which have
> /bin/false set as shell in AD?

Yes, it would be nice to have the ability to configure individual things on the AD domains. For now, we'll implement ID override on users who we find to have this problem.
