Bug 1585020 - Enable compat tree to provide information about AD users and groups on trust agents
Summary: Enable compat tree to provide information about AD users and groups on trust ...
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-01 07:24 UTC by Alexander Bokovoy
Modified: 2019-08-07 14:18 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)

Description Alexander Bokovoy 2018-06-01 07:24:53 UTC
RHEL IdM has an option to enable serving information about AD users and groups in the compatibility tree (RFC2307) when converting IdM master to AD trust controller. At the same time, AD trust controller can designate other IdM masters to be able to resolve information about AD users and groups by promoting them to AD trust agents.

However, there is no way to configure the compatibility tree on AD trust agents to serve information about AD users and groups. As result, if legacy clients are configured to use the compatibility tree on AD trust agents as opposed to AD trust controllers, information about AD users' group membership will be missing.

We should provide means to enable this functionality in the compatibility tree on AD trust agents independently from converting AD trust agent to AD trust controller.

Comment 2 Florence Blanc-Renaud 2018-06-25 15:15:55 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/7600


Note You need to log in before you can comment on or make changes to this bug.