On (20/03/17 17:00), Alexander Bokovoy wrote:
>On ma, 20 maalis 2017, Iulian Roman wrote:
>> Hello,
>> 
>> I noticed that nested group feature do not work with the unix ldap clients
>> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
>> i use the cn=compat and change the mapping the nested groups are listed
>> properly.
>Compat tree implements RFC2307 schema which doesn't have nested groups.
>
>Main tree in FreeIPA uses RFC2307bis schema which supports nested
>groups.
>
But "Compat tree" is generated from "Main tree".
Therefore users must have the same groups in both cases.

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to