On Wed, Mar 5, 2025 at 6:16 PM Ronald Wimmer via FreeIPA-users < [email protected]> wrote: > > We have a trust between the ipa domain (ipa.mydomain.at) and some AD > domain (windows.mydomain.at). > > A user 'userxy' exists in both domains. > > [email protected] is not mapped into IPA as described in > https://access.redhat.com/solutions/1506103 > > ipadomainresolutionorder is set to > windows.mydomain.at,ipa.mydomain.at,someotherdomain.mydomain.at > > Should [email protected] be visible (getent passwd, id) in IPA > or not? (because it is and I did not expect this)
Once you have a trust between IPA and AD yes, the user is visible in IPA. Below is some output from a machine with only the one-way trust set: ```[root@server-trust /]# ipa idoverrideuser-find "Default Trust View" --------------------------- 0 User ID overrides matched --------------------------- ---------------------------- Number of entries returned 0 ---------------------------- [root@server-trust /]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: [email protected], [email protected] UID: 60000 GID: 60000 Account disabled: False ---------------------------- Number of entries returned 1 ---------------------------- [root@server-trust /]# getent passwd [email protected] [email protected]:*:1499401108:1499401108:John Doe:/home/ad.ipa.test/jdoe: ``` HTH, Rafael > > Cheers, > Ronald > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Rafael Guterres Jeffman Senior Software Engineer FreeIPA - Red Hat
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
