[Freeipa-users] Serving RFC2307 to OS X clients
Ian Levesque
ian at crystal.harvard.edu
Thu Jun 7 21:03:11 UTC 2012
Hello,
I've read that the schema compatibility plugin should provide a vanilla RFC 2307 view of groups with memberUid attributes. I need this for our OS X clients, which don't seem capable of understanding the RFC 2307bis format of member DNs.
So, I enabled the plugin using `ipa-compat-manage enable` and ensured it's loaded via `ipa-compat-manage status`. I restarted the directory server.
However, I don't get memberUid attributes. I've seen some docs that say "cn=compat" should be added to the default base, but that returns nothing:
ldapsearch -LLL -x -h sbgrid-directory -b cn=groups,cn=accounts,cn=compat,dc=sbgrid,dc=org cn=builders
No such object (32)
Matched DN: dc=sbgrid,dc=org
When I search the default base, things look unchanged (obviously, no memberUid here):
ldapsearch -LLL -x -h sbgrid-directory -b cn=groups,cn=accounts,dc=sbgrid,dc=org cn=builders | grep member
member: uid=ian,cn=users,cn=accounts,dc=sbgrid,dc=org
I seem to remember when I first setup the FreeIPA server, there *was* a cn=compat tree... did disabling it at some point cause it to stop working?
Best,
Ian
More information about the Freeipa-users
mailing list