Thanks guys,

I think there might be a way to modify the LDAP query. I'm speaking to the
EMC /  Dell support personnel today to see what can be done.

Regards,

Hanoz


*Hanoz Elavia |*  IT Manager
*O:* 604-734-2866 *|*  *www.atomiccartoons.com
<http://www.atomiccartoons.com>*
112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6

On Wed, Feb 22, 2017 at 6:50 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On ke, 22 helmi 2017, Jason B. Nance wrote:
>
>> There is none. Compat tree is built with RFC2307 queries in mind.
>>> RFC2307 clients issue a request with a specific user or group name and
>>> that triggers lookup of AD user/group through SSSD and insertion into
>>> the compat tree. A part of the trigger is how LDAP filter is built (see
>>> RFC for those). If your software does not use the same filter, you
>>> wouldn't get a response.
>>>
>>
>> Are you saying that there is an LDAP query you can use to retrieve the
>> UID/GID of a user/group that is known via an AD trust as long as the
>> filter is correct?  I ran into this same situation (with a storage
>> appliance) and thought that the problem was that the UIDs/GIDs were
>> calculated but never stored, but I hadn't stopped to think about how
>> whether sssd (on the local machine) retrieves them from FreeIPA or does
>> the calculation.
>>
> Read https://pagure.io/slapi-nis/blob/master/f/doc/ipa/sch-ipa.txt
>
>
>
> --
> / Alexander Bokovoy
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to