On 17 July 2016 at 03:48, Sullivan, Daniel [AAA] <
dsulliv...@bsd.uchicago.edu> wrote:
>
> Out of curousity is there any reason you are not using the IPA provider
> instead of LDAP (in SSSD)?
>

We initially want to switch hundreds of servers via Puppet change. At a
later stage we'll look at joining them using ipa-client.

Quick update, I can see group members and list of secondary groups when I
use compat tree:

ldap_search_base = cn=compat,dc=ipa,dc=wandisco,dc=com
ldap_group_search_base = cn=groups,cn=compat,dc=ipa,dc=wandisco,dc=com
ldap_user_search_base = cn=users,cn=compat,dc=ipa,dc=wandisco,dc=com

Not sure if using compat tree is the best approach here though.

-- 
Kind regards,
 Peter Pakos
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to