On (20/03/17 17:00), Alexander Bokovoy wrote:
>On ma, 20 maalis 2017, Iulian Roman wrote:
>> I noticed that nested group feature do not work with the unix ldap clients
>> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
>> i use the cn=compat and change the mapping the nested groups are listed
>Compat tree implements RFC2307 schema which doesn't have nested groups.
>Main tree in FreeIPA uses RFC2307bis schema which supports nested
But "Compat tree" is generated from "Main tree".
Therefore users must have the same groups in both cases.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project