Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1585020
RHEL IdM has an option to enable serving information about AD users and groups
in the compatibility tree (RFC2307) when converting IdM master to AD trust
controller. At the same time, AD trust controller can designate other IdM
masters to be able to resolve information about AD users and groups by
promoting them to AD trust agents.
However, there is no way to configure the compatibility tree on AD trust agents
to serve information about AD users and groups. As result, if legacy clients
are configured to use the compatibility tree on AD trust agents as opposed to
AD trust controllers, information about AD users' group membership will be
We should provide means to enable this functionality in the compatibility tree
on AD trust agents independently from converting AD trust agent to AD trust
Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1585020
to comment on this ticket.