[Freeipa-users] whats the recommended way to change OU structures in IPA?
Simo Sorce
simo at redhat.com
Mon Aug 6 15:25:47 UTC 2012
On Mon, 2012-08-06 at 16:07 +0100, Dale Macartney wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Afternoon all
>
> Although I can use any ldapmodify capable tool to do this, I was
> wondering what the "recommended" way that we should be telling customers
> who want to change OU trees?
None, FreeIPA does not support non-flat trees at the moment, sorry.
> e.g, say in a high school using IPA, they wished to create a parent OU
> called cn=school accounts,dc=example,dc=com and inside that OU there are
> two more OU's. One for staff and one for students?
>
> Presumably this is not possible through the webUI.
It is not possible through any UI at the moment.
We recommend you use groups to create organizational groups.
You could use DS views [1] to then show them as trees in theory but we
haven't any official guide on that for FeeeIPA yet.
> Also what are the implications if I move a user that was created with
> "ipa user-add" into a non-default OU? will it break anything? Whats the
> best way to move an existing user into one of the above OU's?
>
> Any thoughts?
WebUI and CLI tool will not behave properly if you try to change the
DIT.
Simo.
[1]
https://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Deployment_Guide/Designing_the_Directory_Tree.html#Designing_the_Directory_Tree-Virtual_Directory_Information_Tree_Views
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list