On 17 July 2016 at 03:48, Sullivan, Daniel [AAA] < [email protected]> wrote: > > Out of curousity is there any reason you are not using the IPA provider > instead of LDAP (in SSSD)? >
We initially want to switch hundreds of servers via Puppet change. At a later stage we'll look at joining them using ipa-client. Quick update, I can see group members and list of secondary groups when I use compat tree: ldap_search_base = cn=compat,dc=ipa,dc=wandisco,dc=com ldap_group_search_base = cn=groups,cn=compat,dc=ipa,dc=wandisco,dc=com ldap_user_search_base = cn=users,cn=compat,dc=ipa,dc=wandisco,dc=com Not sure if using compat tree is the best approach here though. -- Kind regards, Peter Pakos
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
