On 01/14/2013 01:40 PM, Nalin Dahyabhai wrote:
On Mon, Jan 14, 2013 at 12:06:35PM -0700, Orion Poplawski wrote:
We're looking at migrating from 389ds to ipa.  Currently our users
are in ou=People with rfc2307 attributes.  Is there any way to
provide an ou=people,dc=nwra,dc=com compatibility group in IPA?  Or
does everything have to remain under cn=compat?  We have a lot of
references to ou=People,dc=nwra,dc=com in clients.

Things show up under cn=compat because the Schema Compatibility plugin
is configured to put them there.  With a bit of manual configuration,
the compatibility user entries can show up under ou=People, too.  Here's
an initial guess at how that'd look, mostly copy/pasted from the compat
configuration:

   dn: ou=people,cn=Schema Compatibility,cn=plugins,cn=config
   schema-compat-entry-attribute: objectclass=posixAccount
   schema-compat-entry-attribute: gecos=%{cn}
   schema-compat-entry-attribute: cn=%{cn}
   schema-compat-entry-attribute: uidNumber=%{uidNumber}
   schema-compat-entry-attribute: gidNumber=%{gidNumber}
   schema-compat-entry-attribute: loginShell=%{loginShell}
   schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
   ou: people
   objectClass: top
   objectClass: extensibleObject
   schema-compat-search-filter: objectclass=posixAccount
   schema-compat-entry-rdn: uid=%{uid}
   schema-compat-search-base: cn=users, cn=accounts, dc=nwra,dc=com
   schema-compat-container-group: ou=people,dc=nwra,dc=com

You'd need to stop the directory server, add this to its dse.ldif file,
and start it up again.

HTH,

Nalin


Great, that seems to work well.  Thanks!

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to