[Freeipa-users] compat and ou=People
Nalin Dahyabhai
nalin at redhat.com
Mon Jan 14 20:40:56 UTC 2013
On Mon, Jan 14, 2013 at 12:06:35PM -0700, Orion Poplawski wrote:
> We're looking at migrating from 389ds to ipa. Currently our users
> are in ou=People with rfc2307 attributes. Is there any way to
> provide an ou=people,dc=nwra,dc=com compatibility group in IPA? Or
> does everything have to remain under cn=compat? We have a lot of
> references to ou=People,dc=nwra,dc=com in clients.
Things show up under cn=compat because the Schema Compatibility plugin
is configured to put them there. With a bit of manual configuration,
the compatibility user entries can show up under ou=People, too. Here's
an initial guess at how that'd look, mostly copy/pasted from the compat
configuration:
dn: ou=people,cn=Schema Compatibility,cn=plugins,cn=config
schema-compat-entry-attribute: objectclass=posixAccount
schema-compat-entry-attribute: gecos=%{cn}
schema-compat-entry-attribute: cn=%{cn}
schema-compat-entry-attribute: uidNumber=%{uidNumber}
schema-compat-entry-attribute: gidNumber=%{gidNumber}
schema-compat-entry-attribute: loginShell=%{loginShell}
schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
ou: people
objectClass: top
objectClass: extensibleObject
schema-compat-search-filter: objectclass=posixAccount
schema-compat-entry-rdn: uid=%{uid}
schema-compat-search-base: cn=users, cn=accounts, dc=nwra,dc=com
schema-compat-container-group: ou=people,dc=nwra,dc=com
You'd need to stop the directory server, add this to its dse.ldif file,
and start it up again.
HTH,
Nalin
More information about the Freeipa-users
mailing list