Cannot see POSIX attributes from Active Directory via IPA-AD trust
Issue
We are experiencing problems with LDAP access from IPA servers in an IPA-AD scenario with a one-way trust (Win 2012). The trust itself works fine. I can do kinit with user@EXAMPLE.TT, I can run id and getent passwd user@example.tt, and I can use user@example.tt for ssh.
I have set attributes in AD for user@EXAMPLE.TT and they are available in the Global Catalog service. The problem is that I am not getting the uid from AD; instead, SSSD assigns a new one from the ID range associated with the trust.
Environment
RHEL 7.2 IDM configuration with trust to Active Directory established