[Freeipa-users] compat and nested groups for Unix system

Lukas Slebodnik lslebodn at redhat.com
Mon Mar 20 15:11:18 UTC 2017


On (20/03/17 17:00), Alexander Bokovoy wrote:
>On Mon, 20 Mar 2017, Iulian Roman wrote:
>> Hello,
>> 
>> I noticed that the nested group feature does not work with the unix ldap clients
>> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
>> I use the cn=compat and change the mapping, the nested groups are listed
>> properly.
>Compat tree implements RFC2307 schema which doesn't have nested groups.
>
>Main tree in FreeIPA uses RFC2307bis schema which supports nested
>groups.
>
But "Compat tree" is generated from "Main tree".
Therefore users must have the same groups in both cases.

LS
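
The relationship discussed in this thread, as an added example that is not part of the original messages and is not FreeIPA code: a minimal model in which nested RFC2307bis-style `member` DNs are expanded into flat RFC2307-style `memberUid` lists, next to a client that reads only direct members. The suffix, the entries and all function names are constructed for illustration; how FreeIPA itself generates the compat tree is not shown in the thread.

```python
BASE = "cn=accounts,dc=example,dc=test"  # constructed suffix, not from the thread

def user(uid):
    return f"uid={uid},cn=users,{BASE}"

def group(cn):
    return f"cn={cn},cn=groups,{BASE}"

# Constructed main-tree entries (RFC2307bis style): "member" holds DNs,
# and a member DN may point at another group (nesting).
MAIN_TREE = {
    user("alice"): {"uid": "alice"},
    user("bob"): {"uid": "bob"},
    group("dbadmins"): {"cn": "dbadmins", "member": [user("alice")]},
    group("ops"): {"cn": "ops", "member": [user("bob"), group("dbadmins")]},
    # Deliberate self-reference to exercise loop protection.
    group("staff"): {"cn": "staff", "member": [group("ops"), group("staff")]},
}

def flatten(group_dn, tree, seen=None):
    """Return the uids of all direct and indirect user members of group_dn."""
    seen = set() if seen is None else seen
    if group_dn in seen:              # already visited: break membership loops
        return set()
    seen.add(group_dn)
    uids = set()
    for dn in tree[group_dn].get("member", []):
        entry = tree.get(dn)
        if entry is None:             # dangling member DN: skip it
            continue
        if "uid" in entry:            # user entry
            uids.add(entry["uid"])
        else:                         # nested group: recurse
            uids |= flatten(dn, tree, seen)
    return uids

def compat_view(tree):
    """RFC2307-style view: one flat memberUid list per group, no nesting."""
    return {e["cn"]: sorted(flatten(dn, tree)) for dn, e in tree.items() if "cn" in e}

def direct_view(tree):
    """What a client sees if it reads "member" but never follows group DNs."""
    return {e["cn"]: sorted(tree[m]["uid"] for m in e.get("member", [])
                            if "uid" in tree.get(m, {}))
            for dn, e in tree.items() if "cn" in e}

def groups_of(uid, view):
    """Group names that list uid in the given view."""
    return sorted(cn for cn, uids in view.items() if uid in uids)
```

Comparing `groups_of("alice", direct_view(MAIN_TREE))` with `groups_of("alice", compat_view(MAIN_TREE))` shows the difference a non-nesting-aware client would observe between the two views of the same data.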



