On (20/03/17 17:00), Alexander Bokovoy wrote: >On ma, 20 maalis 2017, Iulian Roman wrote: >> Hello, >> >> I noticed that nested group feature do not work with the unix ldap clients >> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If >> i use the cn=compat and change the mapping the nested groups are listed >> properly. >Compat tree implements RFC2307 schema which doesn't have nested groups. > >Main tree in FreeIPA uses RFC2307bis schema which supports nested >groups. > But "Compat tree" is generated from "Main tree". Therefore users must have the same groups in both cases.
LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project