> Joseph Fry via FreeIPA-users wrote: > > What problem are you trying to solve? > > rob
I am working on creating my own .update file for the compatibility plugin that will populate the compat container with two new containers holding devices and device groups with the objects within in a format that will be readable by our AD centric tools. So far I have been able to create the containers, and the objects (still working on the group memberships, watch for a new thread), however the service account I created per https://www.freeipa.org/page/HowTo/LDAP#System_Accounts for my applications to bind to the directory cannot see the compat container unless I bind directly to it. And even when I do bind to it, the new containers I created are also not visible. I created a normal admin user account in IPA, and I am able to bind with that account and browse the entire tree (compat and the two containers I created are visable). I suspect that there are some ACL's or other configuration that is causing the compat container, and the two new containers I created, to be invisible to the service account, and any non-admin accounts. My hope was you could explain how to either remove this restriction, or provide the service account with the correct permissions to be able to see these containers. I hope that all makes sense... I am not an LDAP admin, just trying to solve a situation for one of my customers who uses Redhat IDM rather than Active Directory. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
