Hi, when a trust is established with posix range type, the users need to have uidNumber and gidNumber set on AD side. If you want IdM to generate uid and gid, the range type has to be ipa-ad-trust instead of ipa-ad-trust-posix but I believe the posix attributes of the AD entries won't be taken into account in this case (even if the AD entry contains a uidnumber/gidnumber, the one seen from IdM clients will be generated and is likely to differ). flo
On Fri, May 7, 2021 at 3:34 PM iulian roman via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > I have configured a trust between IdM and Active Directory with posix > range type. The users which do have an uidNumber in AD are correctly > listed, but those without uidNumber are not (similar for the groups). > Is there any setting or possibility to have the AD users without uidNumber > get an uid generated automatically (if they do not have one in AD) by IPA > and listed as AD users in Linux ? > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
