Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1362272
Description of problem: There is no email attribute available for users (objectClass=posixAccount) in the LDAP compat tree for IDM, which limits the ability to use the compat tree as an authentication endpoint for many web services. We require use of the compat tree to be able to authenticate AD users in a trusted AD domain with 2FA support (see Case #01674258 for background information on PCI-DSS 3.2 and 2FA). Is it possible for an email attribute to be added to the compat tree? There is some discussion at https://www.redhat.com/archives/freeipa-users/2015-June/msg00538.html. Are there plans to add this in an upcoming AD release?
Per triage, implementation may depend on/greatly benefit from the Global Catalog RFE.
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: Future Releases
This looks like a duplicate of https://pagure.io/freeipa/issue/5521