Hi Florence,
Thank you for clarification. I have indeed the Default Trust View empty (I was confused by
the statement in the doc link , because it mentions that "Default Trust View is
always applied to ad users", without mentioning if it can be empty or not and
override done only for some specific hosts). The users on the IPA clients which do not
have any override will just use the UID based on the AD SID and the users on the IPA
clients which are in the host group for override will use the UID which I specified.
So far, this seems to be an acceptable compromise (I am interested to override only for
legacy servers which need to keep the old UID for users).