On 01/14/2013 01:40 PM, Nalin Dahyabhai wrote:
On Mon, Jan 14, 2013 at 12:06:35PM -0700, Orion Poplawski wrote:
We're looking at migrating from 389ds to ipa.  Currently our users
are in ou=People with rfc2307 attributes.  Is there any way to
provide an ou=people,dc=nwra,dc=com compatibility group in IPA?  Or
does everything have to remain under cn=compat?  We have a lot of
references to ou=People,dc=nwra,dc=com in clients.

Things show up under cn=compat because the Schema Compatibility plugin
is configured to put them there.  With a bit of manual configuration,
the compatibility user entries can show up under ou=People, too.  Here's
an initial guess at how that'd look, mostly copy/pasted from the compat

   dn: ou=people,cn=Schema Compatibility,cn=plugins,cn=config
   schema-compat-entry-attribute: objectclass=posixAccount
   schema-compat-entry-attribute: gecos=%{cn}
   schema-compat-entry-attribute: cn=%{cn}
   schema-compat-entry-attribute: uidNumber=%{uidNumber}
   schema-compat-entry-attribute: gidNumber=%{gidNumber}
   schema-compat-entry-attribute: loginShell=%{loginShell}
   schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
   ou: people
   objectClass: top
   objectClass: extensibleObject
   schema-compat-search-filter: objectclass=posixAccount
   schema-compat-entry-rdn: uid=%{uid}
   schema-compat-search-base: cn=users, cn=accounts, dc=nwra,dc=com
   schema-compat-container-group: ou=people,dc=nwra,dc=com

You'd need to stop the directory server, add this to its dse.ldif file,
and start it up again.



Great, that seems to work well.  Thanks!

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

Freeipa-users mailing list

Reply via email to