Jakub, Thank you for your reply. I did not know that the compat tree was populated from sssd; Do you have any experience and or recommendation on using the full_name_format variable of sssd.conf to manipulate how cn’s are populated in anchor records? Basically I’m interested in trying to get IPA to provision anchor records for a trusted domain without the @f.d.q.n appended to usernames. It seems like having a custom full_name_format (sssd.conf) possibly in conjunction with default_domain_suffix (sssd.conf) might achieve this (have already done some internal testing with partial results, running into some issues but interested in yours and the groups opinion on the viability of this).
I appreciate your help. Best, Dan > On Apr 28, 2016, at 11:29 AM, Jakub Hrozek <[email protected]> wrote: > > On Wed, Apr 27, 2016 at 06:58:35PM +0000, Sullivan, Daniel [AAA] wrote: >> Hi, >> >> I have a trusted AD domain that I am enumerating object via IPA. I wanted >> to know if i should be able to manipulate the uidNumber and gidNumber stored >> in the default ID view via by using the ldapmodify command, for example, for >> this DN (not local): >> >> [email protected],cn=users,cn=compat,dc=ipatst,dc=cri,dc=uchicago,dc=edu > > The compat tree is autogenerated and can't be modified. > > If you want ID views to be applicable to clients using the compat tree, > you can define the overrides using the standard IPA CLI tools in the > "default Trust View", because that one is applied on the server itself > and the compat tree is autogenerated from the data that SSSD on the > server delivers. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project ******************************************************************************** This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this e-mail message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is prohibited. If you have received this e-mail in error, please notify the sender and destroy all copies of the transmittal. Thank you University of Chicago Medicine and Biological Sciences ******************************************************************************** -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
