Tamas Papp wrote:


On 10/07/2013 08:59 PM, Dmitri Pal wrote:
On 10/07/2013 12:32 PM, Tamas Papp wrote:
On 10/07/2013 06:06 PM, Tamas Papp wrote:
hi All,

I have a Fedora Directory Server with memberOf attributes.
I'm able to migrate users to FreeIPA, but I can see there are no such
attributes at the new place.
If I understand correctly, a memberOf plugin should be enabled. How can
I do that?

I wasn't correct here.

This works:
# ldapsearch -Y GSSAPI 2>/dev/null |grep memberOf|wc -l
2424


This does not:
# ldapsearch -x 2>/dev/null |grep memberOf|wc -l
0


I'm missing something, but I don't know what. I'm not really an LDAP or IPA
expert, please give me some advice :)

With anonymous bind you do not see any data. With GSSAPI you
authenticate and are thus entitled to see what you are looking for.


I see, that's true.
Although I don't understand why memberOf does not work if all other
information is available?

ldapsearch -x uid=user and ldapsearch -x cn=group work fine. Therefore
all information is available, just not shown right.
Am I wrong?

memberOf can contain some privileged information that you don't want to expose to anonymous users, like sudo and HBAC rule membership.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
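
The comparison made in the thread (`ldapsearch -x` versus `ldapsearch -Y GSSAPI`), generalized into an added example that is not part of the original messages: a shell function that takes the LDIF from each bind and lists every attribute the directory withholds from anonymous clients, with a value count. The function name, file names and LDIF entries are constructed for illustration; real input is assumed to come from `ldapsearch ... -LLL` saved to a file.

```shell
#!/bin/sh
# hidden_attrs ANON_LDIF AUTH_LDIF  (hypothetical helper, not from the thread)
# Prints "attribute value-count" for each attribute that occurs in the
# authenticated result but never in the anonymous one.
hidden_attrs() {
  awk '
    /^ / || /^#/ || /^$/ { next }     # folded value, comment, entry separator
    {
      n = index($0, ":")
      if (n < 2) next
      name = substr($0, 1, n - 1)
      sub(/;.*/, "", name)            # drop options such as ;binary
      key = tolower(name)             # attribute names are case-insensitive
      if (key == "dn") next
      # Compare on FILENAME, not FNR==NR: the anonymous result may be empty.
      if (FILENAME == ARGV[1]) { anon[key] = 1; next }
      if (!(key in anon)) { count[key]++; shown[key] = name }
    }
    END { for (k in count) print shown[k], count[k] }
  ' "$1" "$2" | sort
}

# Constructed sample data: the same two entries as seen by an anonymous
# bind and by an authenticated bind. DNs and IDs are placeholders.
tmp=$(mktemp -d)
cat > "$tmp/anon.ldif" <<'EOF'
dn: uid=user,cn=users,cn=accounts,dc=example,dc=test
uid: user
cn: Example User

dn: cn=group,cn=groups,cn=accounts,dc=example,dc=test
cn: group
member: uid=user,cn=users,cn=accounts,dc=example,dc=test
EOF
cat > "$tmp/auth.ldif" <<'EOF'
dn: uid=user,cn=users,cn=accounts,dc=example,dc=test
uid: user
cn: Example User
memberOf: cn=group,cn=groups,cn=accounts,dc=example,dc=test
memberOf: ipaUniqueID=CONSTRUCTED-ID,cn=sudorules,cn=sudo,dc=example,
 dc=test

dn: cn=group,cn=groups,cn=accounts,dc=example,dc=test
cn: group
member: uid=user,cn=users,cn=accounts,dc=example,dc=test
EOF
hidden_attrs "$tmp/anon.ldif" "$tmp/auth.ldif"
```

An empty result means the anonymous bind sees every attribute the authenticated one does, which is worth reviewing against the directory's access control rules.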
