[Freeipa-users] compat settings

Rudolf Gabler rug at usm.lmu.de
Thu May 21 06:59:24 UTC 2015


Hi to whom it may concern,


We used for many years a 2-location policy to separate email users from Unix users in order not to use the same passwords. So we had 2 trees in our LDAP with the same user but different passwords.

In FreeIPA (where we want to migrate now) I can use the accounts and compat (for email) trees for this purpose, and so I added

dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
changetype: modify
add: schema-compat-entry-attribute
schema-compat-entry-attribute: userPassword=*

to the compat settings to have a separate place for the password (! not userPassword=%{userPassword}, because then the accounts passwords are mirrored). This works, but I’m not allowed to change the password, i.e. with:

ldappasswd -x -D "cn=Directory Manager" -W -S uid=myuser,cn=users,cn=compat,dc=example,dc=com

I get a result of:

No such object (32)
Additional info: Failed to update password

whereas for the accounts tree the ldappasswd is working fine.
What additional setting may be required?

Regards,
Rudi Gabler

