[Freeipa-users] SSSD with LDAP not showing secondary groups
Peter Pakos
peter at pakos.uk
Sun Jul 17 08:16:33 UTC 2016
On 17 July 2016 at 03:48, Sullivan, Daniel [AAA] <
dsullivan2 at bsd.uchicago.edu> wrote:
>
> Out of curousity is there any reason you are not using the IPA provider
> instead of LDAP (in SSSD)?
>
We initially want to switch hundreds of servers via Puppet change. At a
later stage we'll look at joining them using ipa-client.
Quick update, I can see group members and list of secondary groups when I
use compat tree:
ldap_search_base = cn=compat,dc=ipa,dc=wandisco,dc=com
ldap_group_search_base = cn=groups,cn=compat,dc=ipa,dc=wandisco,dc=com
ldap_user_search_base = cn=users,cn=compat,dc=ipa,dc=wandisco,dc=com
Not sure if using compat tree is the best approach here though.
--
Kind regards,
Peter Pakos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160717/1856de1e/attachment.htm>
More information about the Freeipa-users
mailing list