Tamas Papp wrote:

On 10/07/2013 08:59 PM, Dmitri Pal wrote:
On 10/07/2013 12:32 PM, Tamas Papp wrote:
On 10/07/2013 06:06 PM, Tamas Papp wrote:
hi All,

I have a fedora directory server with memberOf attributes.
I'm able to migrate users to Freeipa, but I can see there are no such
attributes at the new place.
If I understand correctly, a memberOf plugin should be enabled. How can
I do that?
I wasn't correct here.

This works:
# ldapsearch -Y GSSAPI 2>/dev/null |grep memberOf|wc -l

This not:
# ldapsearch -x 2>/dev/null |grep memberOf|wc -l

I miss something, but I don't know, what. I'm not really an ldap or IPA
expert, please give me some advise:)
With anonymous bind you do not see any data. With GSSAPI you
authenticate and thus entitled to see what you are looking for.

I see, that's true.
Although I don't understand why memberOf not works if every other
information available?

ldapsearch -x uid=user and ldapsearch -x cn=group works fine. Therefore
all information is available, just not showed up right.
Am I wrong?

memberOf can contain some privileged information that you don't want to expose to anonymous users, like sudo and HBAC rule membership.


Freeipa-users mailing list

Reply via email to