[Freeipa-users] Serving RFC2307 to OS X clients
Ian Levesque
ian at crystal.harvard.edu
Thu Jun 7 21:34:58 UTC 2012
On Jun 7, 2012, at 5:27 PM, Nalin Dahyabhai wrote:
> On Thu, Jun 07, 2012 at 05:03:11PM -0400, Ian Levesque wrote:
>> Hello,
>>
>> I've read that the schema compatibility plugin should provide a vanilla RFC 2307 view of groups with memberUid attributes. I need this for our OS X clients, which don't seem capable of understanding the RFC 2307bis format of member DNs.
>>
>> So, I enabled the plugin using `ipa-compat-manage enable` and ensured it's loaded via `ipa-compat-manage status`. I restarted the directory server.
>>
>> However, I don't get memberUid attributes. I've seen some docs that say "cn=compat" should be added to the default base, but that returns nothing:
>>
>> ldapsearch -LLL -x -h sbgrid-directory -b cn=groups,cn=accounts,cn=compat,dc=sbgrid,dc=org cn=builders
>> No such object (32)
>> Matched DN: dc=sbgrid,dc=org
>
> Try using "cn=groups,cn=compat,dc=sbgrid,dc=org" as the search base. We
> don't put a "cn=accounts" container under cn=compat by default.
Hi Nalin - thanks for the tip; unfortunately, there doesn't appear to be anything in cn=compat:
# ldapsearch -LLL -x -h sbgrid-directory -b cn=groups,cn=compat,dc=sbgrid,dc=org
No such object (32)
Matched DN: dc=sbgrid,dc=org
# ldapsearch -LLL -x -h sbgrid-directory -b cn=compat,dc=sbgrid,dc=org
No such object (32)
Matched DN: dc=sbgrid,dc=org
Best regards,
Ian
More information about the Freeipa-users
mailing list