[Freeipa-users] memberOf

Rob Crittenden rcritten at redhat.com
Mon Oct 7 20:21:25 UTC 2013


Tamas Papp wrote:
>
> On 10/07/2013 08:59 PM, Dmitri Pal wrote:
>> On 10/07/2013 12:32 PM, Tamas Papp wrote:
>>> On 10/07/2013 06:06 PM, Tamas Papp wrote:
>>>> hi All,
>>>>
>>>> I have a fedora directory server with memberOf attributes.
>>>> I'm able to migrate users to Freeipa, but I can see there are no such
>>>> attributes at the new place.
>>>> If I understand correctly, a memberOf plugin should be enabled. How can
>>>> I do that?
>>> I wasn't correct here.
>>>
>>> This works:
>>> # ldapsearch -Y GSSAPI 2>/dev/null |grep memberOf|wc -l
>>> 2424
>>>
>>>
>>> This does not:
>>> # ldapsearch -x 2>/dev/null |grep memberOf|wc -l
>>> 0
>>>
>>>
>>> I'm missing something, but I don't know what. I'm not really an LDAP or IPA
>>> expert, please give me some advice :)
>> With anonymous bind you do not see any data. With GSSAPI you
>> authenticate and are thus entitled to see what you are looking for.
>>
>
> I see, that's true.
> Although I don't understand why memberOf does not work if all other
> information is available?
>
> ldapsearch -x uid=user and ldapsearch -x cn=group work fine. Therefore
> all information is available, just not shown right.
> Am I wrong?

memberOf can contain some privileged information that you don't want to 
expose to anonymous users, like sudo and HBAC rule membership.

rob
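
An added example, not part of the original thread: a Python script that compares saved output of the two searches discussed above (`ldapsearch -x` and `ldapsearch -Y GSSAPI`) and reports which attributes the directory returns only to the authenticated bind. The LDIF samples, DNs and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample output (not from the thread): the same entry as returned
# to an anonymous bind (-x) and to an authenticated bind (-Y GSSAPI).
ANON_LDIF = """\
dn: uid=user,cn=users,cn=accounts,dc=example,dc=com
uid: user
cn: Example User
"""
AUTH_LDIF = ANON_LDIF + """\
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com
memberOf: ipaUniqueID=0000-constructed,cn=sudorules,cn=sudo,dc=example,dc=c
 om
"""

def parse_ldif(text):
    """Return {dn: {attribute: value_count}} from ldapsearch LDIF output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = defaultdict(lambda: defaultdict(int)), None
    for line in lines:
        name, sep, value = line.partition(":")
        if not line.strip():
            dn = None                       # a blank line ends the current entry
        elif line.startswith("#") or not sep:
            continue                        # comments and malformed lines
        elif name.lower() == "dn":
            dn = value.lstrip(":").strip().lower()  # base64 ("::") DNs are not decoded
            entries[dn]                     # register the entry even if it has no attributes
        elif dn is not None:                # skips trailing "search:" / "result:" lines
            entries[dn][name.lower()] += 1
    return entries

def hidden_from_anonymous(anon_text, auth_text):
    """Per entry, attributes (and value counts) seen only by the authenticated bind."""
    anon, auth = parse_ldif(anon_text), parse_ldif(auth_text)
    report = {}
    for dn, attrs in auth.items():
        seen = anon.get(dn, {})
        extra = {a: n - seen.get(a, 0) for a, n in attrs.items() if n > seen.get(a, 0)}
        if extra:
            report[dn] = extra
    return report

if __name__ == "__main__":
    print(hidden_from_anonymous(ANON_LDIF, AUTH_LDIF))
```

Run against real output by saving each search to a file and passing the file contents to `hidden_from_anonymous`; an empty result means the anonymous bind sees everything the authenticated one does.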