Tamas Papp wrote:
On 10/07/2013 08:59 PM, Dmitri Pal wrote:
On 10/07/2013 12:32 PM, Tamas Papp wrote:
On 10/07/2013 06:06 PM, Tamas Papp wrote:
I have a fedora directory server with memberOf attributes.
I'm able to migrate users to Freeipa, but I can see there are no such
attributes at the new place.
If I understand correctly, a memberOf plugin should be enabled. How can
I do that?
I wasn't correct here.
# ldapsearch -Y GSSAPI 2>/dev/null |grep memberOf|wc -l
# ldapsearch -x 2>/dev/null |grep memberOf|wc -l
I miss something, but I don't know, what. I'm not really an ldap or IPA
expert, please give me some advise:)
With anonymous bind you do not see any data. With GSSAPI you
authenticate and thus entitled to see what you are looking for.
I see, that's true.
Although I don't understand why memberOf not works if every other
ldapsearch -x uid=user and ldapsearch -x cn=group works fine. Therefore
all information is available, just not showed up right.
Am I wrong?
memberOf can contain some privileged information that you don't want to
expose to anonymous users, like sudo and HBAC rule membership.
Freeipa-users mailing list