Can I please get clarification on a FreeIPA instance (as IdM in RHEL8.3) and AD's POSIX attributes?
From what I can see, the POSIX attributes - are ignored? Specifically, when I run

$ id u...@ad.domain.com
$ id -u u...@ad.domain.com
$ id -g u...@ad.domain.com

the POSIX attribute values are not being returned. I am getting a correct list of AD groups etc., which is great. But no POSIX attributes. Do I need to explicitly request those attributes?

I note that there is an article from 2017 (1) "Configuring an Active Directory Domain with POSIX Attributes" which declares itself deprecated for (2) "Chapter 8. Using ID Views in Active Directory Environments", which is RHEL7. From what I can see, both of these are about direct attachment to AD rather than for use in an IPA instance (although they reference IdM).

It looks like AD-side POSIX attributes are only available to direct integration, and even then only when specifically installed with realm (direct integration) and --automatic-id-mapping=no (3).

(1) https://access.redhat.com/articles/3023821
(2) https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/id-views
(3) https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory#using-posix-attributes-defined-in-active-directory_connecting-directly-to-ad

Cheers
L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org