We are trying to get Zenoss login authentication to use FreeIPA over
LDAP. Group mappings don't currently work and we think this is because
Zenoss requires the groupOfUniqueNames object class.

I managed to add the object class to a test VM using
vsphere_groupmod.ldif taken from

content of vsphere_groupmod.ldif -

    dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config

apply with -

    ldapmodify -x -D "cn=Directory Manager" -f vsphere_groupmod.ldif -W

However, the following command seemed to freeze -

    ipa permission-mod "System: Read Group Compat Tree" --includedattrs

and I had to kill it; then subsequent ldapsearch commands froze.
Rebooting the VM seemed to fix things and the groupOfUniqueNames object
class appeared in the schema.

I'd like to apply this to our live system, which uses a master and two
replicas running IPA v4.2.0 on RHEL 7.2.

Do I need to make the same change to all three servers? Can I leave the
replicas connected or do I need to break the replication and
re-establish it? Do I need the "ipa permission-mod"? If so, then how do I
avoid it freezing?