On ke, 22 marras 2017, Николай Савельев via FreeIPA-users wrote:
I think the better reference in the documentation is
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-legacy
If there is a trust to an AD forest and 'ipa-adtrust-install
--enable-compat' was called. there will be a special sub-tree in
FreeIPA's LDAP tree cn=compat,dc=ipa,dc=domain. AD user can be searched
in this sub-tree and if the user was found you can the the DN of the
user to bind to FreeIPA's LDAP server with the AD password.
Btw, I guess Owncloud supports PAM authentication as well, in this case
you can just configure Owncloud's PAM module to use SSSD on an IPA
client and SSSD will do the authentication of AD users for you.
HTH
bye,
Sumit
rob
I did 'ipa-adtrust-install --enable-compat'
But in cn=compat,dc=test,dc=loc are only IPA users
How can I insert AD users in cn=compat,dc=test,dc=loc?
By using LDAP queries as described in RFC2307. AD users should be
specified in fully-qualified name format.
--
/ Alexander Bokovoy
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org