On Sun, Feb 26, 2017 at 12:12:23PM -0800, Hanoz Elavia wrote:
> Hey guys,
> Is it possible to disable ID mapping for AD users in a FreeIPA AD trust
> setup?
> The version report is as follows:
> AD: Windows 2008 R2
> FreeIPA Server: 4.4.0-14
> FreeIPA Client: 4.4.0-14
> SSSD: 1.14.0-43
> Linux version: CentOS 7.3 x64_86
> I've tried setting ldap_id_mapping = False in sssd.conf in the IPA domain
> sectionwith no success.
> Regards,
> Hanoz

In IPA-AD trust environment the mapping is managed on the server. So
you'd need to remove the algorithmical range and add a POSIX range
instead (see  ipa help idrange-add, --type=['ipa-ad-trust-posix',
'ipa-ad-trust', 'ipa-local'])

Note that clients cannot modify the range type at the moment, so you
also need to remove the cache from all clients in the domain.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to