Hi,

On a test FreeIPA environment (4.5.0-22), a user is shown using the id command, so ID Override is working as well.
id xxxx@accmsnet.railb.be
uid=8028(xxx@Accmsnet.railb.be) gid=4030(ucc) groups=4030(ucc),702800513(domain users@Accmsnet.railb.be),1318400009(ad_users) 

However this particular (AD) user is not shown using an ldapsearch in the compat 
ldapsearch -Y GSSAPI -b cn=compat,dc=accnix,dc=infrabel,dc=be '(&(objectClass=posixAccount)(uid=xxxx))'

# extended LDIF
#
# LDAPv3
# base <cn=compat,dc=accnix,dc=infrabel,dc=be> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=mcj7700))
# requesting: ALL
#

# search result
search: 4
result: 0 Success

Any idea? This is not happening in our production environment.
I cleared caches, did enable slapi-compat, and even tried adding the resolution by an ldif to be sure
I did also re-run ipa-adtrust-install 

I really don't understand why the AD users are not visible in LDAP....

Sincerely Pieter