On 17 July 2016 at 03:48, Sullivan, Daniel [AAA] <
dsulliv...@bsd.uchicago.edu> wrote:
> Out of curousity is there any reason you are not using the IPA provider
> instead of LDAP (in SSSD)?

We initially want to switch hundreds of servers via Puppet change. At a
later stage we'll look at joining them using ipa-client.

Quick update, I can see group members and list of secondary groups when I
use compat tree:

ldap_search_base = cn=compat,dc=ipa,dc=wandisco,dc=com
ldap_group_search_base = cn=groups,cn=compat,dc=ipa,dc=wandisco,dc=com
ldap_user_search_base = cn=users,cn=compat,dc=ipa,dc=wandisco,dc=com

Not sure if using compat tree is the best approach here though.

Kind regards,
 Peter Pakos
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to