[Freeipa-users] Re: AD user shown id command but visible for ldapsearch

Thanks a lot Alexander Strange, I am almost sure I got no results earlier if I used uid=*xxxx* searches Users are perfectly found now.... both fully-qualified and wither other queries. Honestly, it's a bit a missing feature (for my use cases!) that RFC2307bis draft 02 presentation is missing for AD users, on the other side it is a very nice accomplishment that both RFC2307 in compat and RFC2307bis in cn=accounts are available in FreeIPA. Its a perfect platform for Linux and suitable for Unix....Because IMO LDAP always has been a bit too complicated for system auth ;-) $ ldapsearch -Y GSSAPI -b cn=compat,dc=accnix,dc=infrabel,dc=be '(&(objectClass=posixAccount)(uid=*mcj*))' SASL/GSSAPI authentication started SASL username: admin(a)ACCNIX.INFRABEL.BE SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <cn=compat,dc=accnix,dc=infrabel,dc=be> with scope subtree # filter: (&(objectClass=posixAccount)(uid=*mcj*)) # requesting: ALL # # mcj7700(a)accmsnet.railb.be, users, compat, accnix.infrabel.be dn: uid=mcj7700(a)accmsnet.railb.be ,cn=users,cn=compat,dc=accnix,dc=infrabel,dc= be objectClass: posixAccount objectClass: ipaOverrideTarget objectClass: top gecos: x cn: x uidNumber: x gidNumber: x homeDirectory: /home/Accmsnet.railb.be/mcj7700 ipaAnchorUUID:: x uid: mcj7700(a)accmsnet.railb.be Thx a lot! -- Pieter On Wed, Jul 4, 2018 at 7:22 AM Alexander Bokovoy <abokovoy(a)redhat.com&gt; wrote: