Oops, I got that wrong; my groups don't show the 'uniqueMember' attribute. Here 
is an example returned from ldapsearch:

# admins, groups, compat, localdomain.local
dn: cn=admins,cn=groups,cn=compat,dc=localdomain,dc=local
gidNumber: 756200000
memberUid: admin
memberUid: vadmin
objectClass: posixGroup
objectClass: groupOfUniqueNames
objectClass: top
cn: admins


On 3/5/2015 at 9:15 AM, re...@hushmail.com wrote:

Hi Martin,

Using my vadmin account, 
"uid=vadmin,cn=users,cn=compat,dc=localdomain,dc=local", the search completes 
successfully and I get a list of my users and groups; however, when I've watched 
the LDAP queries between vCenter and FreeIPA I can see it's applying a filter 
to the user search looking for 'objectClass=groupOfUniqueNames', which my groups 
don't seem to contain.


I'm very much an LDAP newbie, but I thought at step two in the vSphere 
integration HOWTO I modified the groups schema to include that object class?

On 3/4/2015 at 8:32 PM, "Martin Kosek" <mko...@redhat.com> wrote:

Given that this HOWTO does not use the vanilla Schema Compatibility settings
(FreeIPA Compat Tree by default uses posixGroup objectclass and memberUid
attribute for user membership), I would check if the groups really have the
right objectclass and uniqueMember generated:

# ldapsearch -D "VSPHERE_DN" -x -w "$VSPHERE_DN_PASSWORD" -b "cn=groups,cn=compat,dc=localdomain,dc=local"

I expect there will be some problem preventing the LDAP search from succeeding. Then
we would know where to look next.

Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
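
The check discussed in the thread (do the compat groups carry the groupOfUniqueNames object class and uniqueMember values?) can be run over saved ldapsearch output. This is an added example, not part of the original messages or of FreeIPA; the function names and the "editors" and "staff" entries are constructed for illustration.

```python
import base64
# Sample input: "admins" is the entry quoted in the thread (abridged); "editors"
# and "staff" are constructed here for illustration.
SAMPLE_LDIF = """\
dn: cn=admins,cn=groups,cn=compat,dc=localdomain,dc=local
memberUid: admin
memberUid: vadmin
objectClass: posixGroup
objectClass: groupOfUniqueNames

dn: cn=editors,cn=groups,cn=compat,dc=localdomain,dc=local
objectClass: groupOfUniqueNames
uniqueMember: uid=vadmin,cn=users,cn=compat,
 dc=localdomain,dc=local

dn: cn=staff,cn=groups,cn=compat,dc=localdomain,dc=local
objectClass: posixGroup
memberUid: admin
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attribute: [values]} dicts."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines as newline + space
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:  # skips ldapsearch's header and "search:/result:" blocks
            entries.append(entry)
    return entries

def check_groups(text):
    """Return {group DN: [problems]} for the two things the thread says to verify."""
    report = {}
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        problems = []
        if "groupofuniquenames" not in classes:
            problems.append("objectClass groupOfUniqueNames missing")
        if not entry.get("uniquemember"):
            problems.append("no uniqueMember values")
        report[entry["dn"][0]] = problems
    return report
```

Feeding it the output of the ldapsearch command above (saved to a file and read as text) gives one entry per group, with an empty list for groups that pass both checks.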