Hi Florence,
Thank you for clarification. I have indeed the Default Trust View empty (I was confused by the statement in the doc link , because it mentions that "Default Trust View is always applied to ad users", without mentioning if it can be empty or not and override done only for some specific hosts). The users on the IPA clients which do not have any override will just use the UID based on the AD SID and the users on the IPA clients which are in the host group for override will use the UID which I specified. So far, this seems to be an acceptable compromise (I am interested to override only for legacy servers which need to keep the old UID for users). _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure