[Freeipa-users] compat and ou=People
Orion Poplawski
orion at cora.nwra.com
Mon Jan 14 22:23:50 UTC 2013
On 01/14/2013 01:40 PM, Nalin Dahyabhai wrote:
> On Mon, Jan 14, 2013 at 12:06:35PM -0700, Orion Poplawski wrote:
>> We're looking at migrating from 389ds to ipa. Currently our users
>> are in ou=People with rfc2307 attributes. Is there any way to
>> provide an ou=people,dc=nwra,dc=com compatibility group in IPA? Or
>> does everything have to remain under cn=compat? We have a lot of
>> references to ou=People,dc=nwra,dc=com in clients.
>
> Things show up under cn=compat because the Schema Compatibility plugin
> is configured to put them there. With a bit of manual configuration,
> the compatibility user entries can show up under ou=People, too. Here's
> an initial guess at how that'd look, mostly copy/pasted from the compat
> configuration:
>
> dn: ou=people,cn=Schema Compatibility,cn=plugins,cn=config
> schema-compat-entry-attribute: objectclass=posixAccount
> schema-compat-entry-attribute: gecos=%{cn}
> schema-compat-entry-attribute: cn=%{cn}
> schema-compat-entry-attribute: uidNumber=%{uidNumber}
> schema-compat-entry-attribute: gidNumber=%{gidNumber}
> schema-compat-entry-attribute: loginShell=%{loginShell}
> schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
> ou: people
> objectClass: top
> objectClass: extensibleObject
> schema-compat-search-filter: objectclass=posixAccount
> schema-compat-entry-rdn: uid=%{uid}
> schema-compat-search-base: cn=users, cn=accounts, dc=nwra,dc=com
> schema-compat-container-group: ou=people,dc=nwra,dc=com
>
> You'd need to stop the directory server, add this to its dse.ldif file,
> and start it up again.
>
> HTH,
>
> Nalin
>
Great, that seems to work well. Thanks!
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list