Hey Alex, Thanks for the link, isn't RFC 2307 implemented as Services for Unix in Windows 2008 R2? Apologies for not mentioning this earlier but I haven't enabled that mainly because SSSD now maps the IDs. Also, in the newer version of the Windows Server, SFU seems to have been discontinued.
Since there is a possibility of us having to upgrade in the future, I tried to keep SFU out of the picture. Please let me know your thoughts. Here's some additional info regarding the environment: Windows ADs: Windows Server 2008 R2 FreeIPA Server: CentOS 7.2 x86_64 FreeIPA Server Version: 4.4.0.14 FreeIPA Client Version: 4.4.0.14 SSSD Version: 1.14.0-43 Thanks, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Wed, Feb 22, 2017 at 7:05 AM, Hanoz Elavia <h.ela...@atomiccartoons.com> wrote: > Thanks guys, > > I think there might be a way to modify the LDAP query. I'm speaking to the > EMC / Dell support personnel today to see what can be done. > > Regards, > > Hanoz > > > *Hanoz Elavia |* IT Manager > *O:* 604-734-2866 *|* *www.atomiccartoons.com > <http://www.atomiccartoons.com>* > 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 > > On Wed, Feb 22, 2017 at 6:50 AM, Alexander Bokovoy <aboko...@redhat.com> > wrote: > >> On ke, 22 helmi 2017, Jason B. Nance wrote: >> >>> There is none. Compat tree is built with RFC2307 queries in mind. >>>> RFC2307 clients issue a request with a specific user or group name and >>>> that triggers lookup of AD user/group through SSSD and insertion into >>>> the compat tree. A part of the trigger is how LDAP filter is built (see >>>> RFC for those). If your software does not use the same filter, you >>>> wouldn't get a response. >>>> >>> >>> Are you saying that there is an LDAP query you can use to retrieve the >>> UID/GID of a user/group that is known via an AD trust as long as the >>> filter is correct? I ran into this same situation (with a storage >>> appliance) and thought that the problem was that the UIDs/GIDs were >>> calculated but never stored, but I hadn't stopped to think about how >>> whether sssd (on the local machine) retrieves them from FreeIPA or does >>> the calculation. >>> >> Read https://pagure.io/slapi-nis/blob/master/f/doc/ipa/sch-ipa.txt >> >> >> >> -- >> / Alexander Bokovoy >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project