[Freeipa-users] Re: FreeIPA-users Digest, Vol 7, Issue 22
Thanks!

22.11.2017, 15:39, "Alexander Bokovoy" :
> On Wed, 22 Nov 2017, Николай Савельев via FreeIPA-users wrote:
>>> I think the better reference in the documentation is
>>>
>>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-legacy
>>>
>>> If there is a trust to an AD forest and 'ipa-adtrust-install
>>> --enable-compat' was called, there will be a special sub-tree in
>>> FreeIPA's LDAP tree cn=compat,dc=ipa,dc=domain. AD user can be searched
>>> in this sub-tree and if the user was found you can use the DN of the
>>> user to bind to FreeIPA's LDAP server with the AD password.
>>>
>>> Btw, I guess Owncloud supports PAM authentication as well, in this case
>>> you can just configure Owncloud's PAM module to use SSSD on an IPA
>>> client and SSSD will do the authentication of AD users for you.
>>>
>>> HTH
>>>
>>> bye,
>>> Sumit
>>> rob
>>
>> I did 'ipa-adtrust-install --enable-compat'
>> But in cn=compat,dc=test,dc=loc are only IPA users
>> How can I insert AD users in cn=compat,dc=test,dc=loc?
>
> By using LDAP queries as described in RFC2307. AD users should be
> specified in fully-qualified name format.
>
> --
> / Alexander Bokovoy

--
Best regards, Николай.
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA-users Digest, Vol 7, Issue 22
On Wed, 22 Nov 2017, Николай Савельев via FreeIPA-users wrote:
>> I think the better reference in the documentation is
>>
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-legacy
>>
>> If there is a trust to an AD forest and 'ipa-adtrust-install
>> --enable-compat' was called, there will be a special sub-tree in
>> FreeIPA's LDAP tree cn=compat,dc=ipa,dc=domain. AD user can be searched
>> in this sub-tree and if the user was found you can use the DN of the
>> user to bind to FreeIPA's LDAP server with the AD password.
>>
>> Btw, I guess Owncloud supports PAM authentication as well, in this case
>> you can just configure Owncloud's PAM module to use SSSD on an IPA
>> client and SSSD will do the authentication of AD users for you.
>>
>> HTH
>>
>> bye,
>> Sumit
>> rob
>
> I did 'ipa-adtrust-install --enable-compat'
> But in cn=compat,dc=test,dc=loc are only IPA users
> How can I insert AD users in cn=compat,dc=test,dc=loc?

By using LDAP queries as described in RFC2307. AD users should be
specified in fully-qualified name format.

--
/ Alexander Bokovoy
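The search-then-bind procedure discussed in this thread, as an added example that is not part of the original messages: it builds the compat base DN, looks the AD user up by fully-qualified name, and binds as the returned DN. It assumes the OpenLDAP client tools, StartTLS on the IPA server and anonymous read access to the compat tree; `ipa.test.loc` and `aduser@ad.example` are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Host, domain and user names are constructed placeholders.

# DNS domain of the IPA realm -> compat user container, e.g. test.loc ->
# cn=users,cn=compat,dc=test,dc=loc
compat_users_base() {
    printf 'cn=users,cn=compat,dc=%s' "$(printf '%s' "$1" | sed 's/\./,dc=/g')"
}

# Escape filter metacharacters (RFC 4515) so a login name typed by a user
# cannot change the shape of the search filter.
ldap_filter_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the RFC 2307 style filter; AD users must be fully qualified.
compat_user_filter() {
    case $1 in
        ?*@?*) ;;
        *) echo "AD user must be given as user@ad.domain" >&2; return 1 ;;
    esac
    printf '(&(objectClass=posixAccount)(uid=%s))' "$(ldap_filter_escape "$1")"
}

# Search the compat tree for the user, then bind as the returned DN.
# usage: compat_bind_check ipa.test.loc test.loc aduser@ad.example
compat_bind_check() {
    base=$(compat_users_base "$2")
    filter=$(compat_user_filter "$3") || return 1
    # -ZZ requires StartTLS: the simple bind below sends the AD password.
    # "1.1" asks for no attributes, so only the DN line comes back.
    dn=$(ldapsearch -LLL -x -ZZ -o ldif-wrap=no -H "ldap://$1" \
            -b "$base" "$filter" 1.1 | sed -n 's/^dn: //p')
    [ -n "$dn" ] || { echo "no compat entry for $3" >&2; return 1; }
    ldapwhoami -x -ZZ -H "ldap://$1" -D "$dn" -W   # prompts for the password
}
```

An empty result for a fully-qualified AD name means the compat lookup itself returned nothing, which separates a lookup problem from a bad password at the bind step.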
[Freeipa-users] Re: FreeIPA-users Digest, Vol 7, Issue 22
> I think the better reference in the documentation is
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-legacy
>
> If there is a trust to an AD forest and 'ipa-adtrust-install
> --enable-compat' was called, there will be a special sub-tree in
> FreeIPA's LDAP tree cn=compat,dc=ipa,dc=domain. AD user can be searched
> in this sub-tree and if the user was found you can use the DN of the
> user to bind to FreeIPA's LDAP server with the AD password.
>
> Btw, I guess Owncloud supports PAM authentication as well, in this case
> you can just configure Owncloud's PAM module to use SSSD on an IPA
> client and SSSD will do the authentication of AD users for you.
>
> HTH
>
> bye,
> Sumit
>
>> rob

I did 'ipa-adtrust-install --enable-compat'
But in cn=compat,dc=test,dc=loc are only IPA users
How can I insert AD users in cn=compat,dc=test,dc=loc?

--
Best regards, Николай.