48.3. 为 IdM 服务器中的 ID 视图设置域解析顺序

1. Active Directory(AD)子域 subdomain1.ad.example.com
2. AD root 域 ad.example.com
3. IdM 域 idm.example.com

流程

1. 创建 ID 视图，并设置 the -domain-resolution-order 选项。

   [user@server ~]$ ipa idview-add ADsubdomain1_first --desc "ID view for resolving AD subdomain1 first on client1.idm.example.com" --domain-resolution-order subdomain1.ad.example.com:ad.example.com:idm.example.com
   ---------------------------------
   Added ID View "ADsubdomain1_first"
   ---------------------------------
   ID View Name: ADsubdomain1_first
   Description: ID view for resolving AD subdomain1 first on client1.idm.example.com
   Domain Resolution Order: subdomain1.ad.example.com:ad.example.com:idm.example.com

   Copy to Clipboard Toggle word wrap

2. 将 ID 视图应用到 IdM 主机。

   [user@server ~]$ ipa idview-apply ADsubdomain1_first --hosts client1.idm.example.com
   -----------------------------------
   Applied ID View "ADsubdomain1_first"
   -----------------------------------
     hosts: client1.idm.example.com
   ---------------------------------------------
   Number of hosts the ID View was applied to: 1
   ---------------------------------------------

   Copy to Clipboard Toggle word wrap

验证

1. 显示 ID 视图的详细信息。

   [user@server ~]$ ipa idview-show ADsubdomain1_first --show-hosts
     ID View Name: ADsubdomain1_first
     Description: ID view for resolving AD subdomain1 first on client1.idm.example.com
     Hosts the view applies to: client1.idm.example.com
     Domain resolution order: subdomain1.ad.example.com:ad.example.com:idm.example.com

   Copy to Clipboard Toggle word wrap

2. 验证您只能使用简短名称从 subdomain1.ad.example.com 域检索用户的用户信息。

   [root@client1 ~]# id <user_from_subdomain1>
   uid=1916901106(user_from_subdomain1) gid=1916900513(domain users) groups=1916900513(domain users)

   Copy to Clipboard Toggle word wrap