[Freeipa-users] Questions to "compat" LDAP suffix
Rob Crittenden
rcritten at redhat.com
Thu Aug 20 14:02:02 UTC 2015
Detlev Habicht wrote:
> Hi all,
>
> i am very new using and testing IPA and i have some questions,
> which are not really IPA topics. But perhaps someone can help
> me and send me a link, where i can read and learn such things:
>
> I see in the LDAP tree a suffix like this:
>
> cn=users,cn=compat,dc=ims,dc=intern
>
> And of course this:
>
> cn=users,cn=accounts,dc=ims,dc=intern
>
> I don’t understand the reason for „cn=compat“.
> Where do i find some infos to understand this concept?
It is the schema comppatibility tree. IPA servers the 2307bis schema.
Some clients (Solaris) want 2307 so need to use the cn=compat tree instead.
It is also being leveraged for providing separate views for entries. You
can find more information on this in
/usr/share/doc/slapi-nis/ipa/sch-ipa.txt
Documentation on the plugin can be found in /usr/share/doc/slapi-nis.
The basic rule of thumb though is to search in the right container for
the right kind of entry rather than searching from the base.
rob
More information about the Freeipa-users
mailing list