[Freeipa-users] Serving RFC2307 to OS X clients
Nalin Dahyabhai
nalin at redhat.com
Thu Jun 7 21:44:16 UTC 2012
On Thu, Jun 07, 2012 at 05:34:58PM -0400, Ian Levesque wrote:
> # ldapsearch -LLL -x -h sbgrid-directory -b cn=compat,dc=sbgrid,dc=org
> No such object (32)
> Matched DN: dc=sbgrid,dc=org
This result suggests that the plugin isn't running. Can you
double-check by searching (as either the directory administrator or the
IPA administrator) to verify that the plugin is enabled and configured
to serve up group information? The search looks like:
kinit admin
ldapsearch -h sbgrid-directory -Y GSSAPI \
-b "cn=Schema Compatibility,cn=plugins,cn=config" \
nsslapd-pluginEnabled
The results should look like this:
dn: cn=Schema Compatibility,cn=plugins,cn=config
nsslapd-pluginEnabled: off
dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
If you drill down and read the whole cn=groups configuration entry, it
should look like this:
dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
schema-compat-entry-attribute: objectclass=posixGroup
schema-compat-entry-attribute: gidNumber=%{gidNumber}
schema-compat-entry-attribute: memberUid=%{memberUid}
schema-compat-entry-attribute: memberUid=%deref_r("member","uid")
cn: groups
objectClass: top
objectClass: extensibleObject
schema-compat-search-filter: objectclass=posixGroup
schema-compat-container-rdn: cn=groups
schema-compat-entry-rdn: cn=%{cn}
schema-compat-search-base: cn=groups, cn=accounts, dc=sbgrid,dc=org
schema-compat-container-group: cn=compat, dc=sbgrid,dc=org
HTH,
Nalin
More information about the Freeipa-users
mailing list