Thanks, I have stumbled upon a solution yesterday, which was to change the ldap search base to cn=compat,dc=ipa,dc=localdomain (from dc=ipa,dc=localdomain). The curious thing is "dc=ipa,dc=localdomain" as the search base was working before the RHEL8 patch cycle. Wondering if that was a bug that made our lookups work as a fluke, or is it a new thing that cn=compat needs to be explicitly specified?
Thanks! On Tue, Nov 22, 2022 at 8:08 PM Alexander Bokovoy <[email protected]> wrote: > > This looks like you are relying on the compat tree functionality for > represent AD users in the compat tree (cn=compat,$BASEDN). Compat tree > is using SSSD on IPA master to resolve these requests so there should be > traces of those operations, if it succeeded/failed. Raise debug logs in > SSSD to see those. > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
