Hey Alex, Thanks, I ran ipa-compat-manage status and it shows Plugin enabled. I'll have a look at the link and see if we can change the query to obtain the info required.
Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Wed, Feb 22, 2017 at 8:34 AM, Alexander Bokovoy <[email protected]> wrote: > On ke, 22 helmi 2017, Hanoz Elavia wrote: > >> Thanks Alex, >> >> Does it also means that I'll have to install the FreeIPA server with >> --enable-compat ? I didn't do that. >> > > check ipa-compat-manage tool. > > >> Regards, >> >> Hanoz >> >> >> *Hanoz Elavia |* IT Manager >> *O:* 604-734-2866 *|* *www.atomiccartoons.com >> <http://www.atomiccartoons.com>* >> 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 >> >> On Wed, Feb 22, 2017 at 7:22 AM, Alexander Bokovoy <[email protected]> >> wrote: >> >> On ke, 22 helmi 2017, Hanoz Elavia wrote: >>> >>> Hey Alex, >>>> >>>> Thanks for the link, isn't RFC 2307 implemented as Services for Unix in >>>> Windows 2008 R2? Apologies for not mentioning this earlier but I haven't >>>> enabled that mainly because SSSD now maps the IDs. Also, in the newer >>>> version of the Windows Server, SFU seems to have been discontinued. >>>> >>>> I think you are confused by the names. What Compat tree provides is an >>> interface on IPA side to look up identities of AD users and groups over >>> LDAP. Compat tree will do lookup through SSSD on your behalf. This means >>> we don't depend on how Windows side provides or does not provide >>> attributes. >>> Everything SSSD can resolve, can be returned, be it stored in AD LDAP, >>> generated by SSSD, or stored in ID overrides in IPA. >>> >>> But the query format is the one described in RFC 2307 because this is >>> what all nss implementations like nss_ldap or similar ones use in >>> UNIX-like environments. Windows Server is merely implementing the same >>> LDAP schema to allow interoperability with the same clients. Think of >>> Compat Tree in IPA as doing the same, just dynamically. >>> >>> >>> -- >>> / Alexander Bokovoy >>> >>> > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
