On Mon, 20 Mar 2017, Lukas Slebodnik wrote:
> On (20/03/17 17:00), Alexander Bokovoy wrote:
>> On Mon, 20 Mar 2017, Iulian Roman wrote:
>>> Hello,
>>>
>>> I noticed that the nested group feature does not work with the Unix LDAP clients
>>> (AIX) if the default groupbasedn (cn=groups,cn=accounts,dc=...) is used. If
>>> I use the cn=compat and change the mapping the nested groups are listed
>>> properly.
>> Compat tree implements RFC2307 schema which doesn't have nested groups.
>>
>> Main tree in FreeIPA uses RFC2307bis schema which supports nested
>> groups.
>
> But "Compat tree" is generated from "Main tree".
> Therefore users must have the same groups in both cases.
They are, for POSIX groups. RFC2307bis allows you to have arbitrary
nested groups, RFC2307 only handles POSIX groups.

--
/ Alexander Bokovoy
