On ma, 20 maalis 2017, Lukas Slebodnik wrote:
On (20/03/17 17:00), Alexander Bokovoy wrote:
On ma, 20 maalis 2017, Iulian Roman wrote:

I noticed that nested group feature do not work with the unix ldap clients
(AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
i use the cn=compat and change the mapping the nested groups are listed
Compat tree implements RFC2307 schema which doesn't have nested groups.

Main tree in FreeIPA uses RFC2307bis schema which supports nested

But "Compat tree" is generated from "Main tree".
Therefore users must have the same groups in both cases.
They are, for POSIX groups. RFC2307bis allows you to have arbitrary
nested groups, RFC2307 only handles POSIX groups.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to