Thanks a lot Alexander
Strange, I am almost sure I got no results earlier if I used uid=*xxxx* searches
Users are perfectly found now... both fully-qualified and with other queries.
Honestly, it's a bit of a missing feature (for my use cases!) that RFC2307bis draft 02 presentation is missing for AD users,
on the other side it is a very nice accomplishment that both RFC2307 in compat and RFC2307bis in cn=accounts are available in FreeIPA.
It's a perfect platform for Linux and suitable for Unix... Because IMO LDAP always has been a bit too complicated for system auth ;-)
$ ldapsearch -Y GSSAPI -b cn=compat,dc=accnix,dc=infrabel,dc=be '(&(objectClass=posixAccount)(uid=*mcj*))'
SASL/GSSAPI authentication started
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=compat,dc=accnix,dc=infrabel,dc=be> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=*mcj*))
# requesting: ALL
#
be
objectClass: posixAccount
objectClass: ipaOverrideTarget
objectClass: top
gecos: x
cn: x
uidNumber: x
gidNumber: x
ipaAnchorUUID:: x
Thx a lot!
-- Pieter