Hello everybody,
I want to know whether it is possible to change the default LDAP scheme where users and groups are stored. For instance, I have:
cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
cn=GROUP-OF-USERS, cn=groups, cn=accounts, dc=domain,dc=net
It seems to be too straightforward. Can I change it to
cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
cn=GROUP-OF-USERS, cn=org-groups, cn=accounts, dc=domain,dc=net
?
Or to make any other corrections to the LDAP scheme for placing different objects.
Thanks!
Anyone? Of course this is kind of an R&D question, but anyway I need to know.
2017-12-06 17:15 GMT+03:00 Andrew Radygin via FreeIPA-users <freeipa-users@lists.fedorahosted.org>:
> Hello everybody,
> I want to know whether it is possible to change the default LDAP scheme where users and groups are stored. For instance, I have:
> cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
> cn=GROUP-OF-USERS, cn=groups, cn=accounts, dc=domain,dc=net
> It seems to be too straightforward. Can I change it to
> cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
> cn=GROUP-OF-USERS, cn=org-groups, cn=accounts, dc=domain,dc=net
> ?
> Or to make any other corrections to the LDAP scheme for placing different objects.
> Thanks!
Andrew Radygin via FreeIPA-users wrote:
> Anyone? Of course this is kind of an R&D question, but anyway I need to know.
You could use slapi-nis to create your own compat area and format things as you like but there is no way other than changing code to do this otherwise. The containers are defined in one place but it wouldn't surprise me if there are corner cases.
rob
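A sketch of the slapi-nis approach Rob describes, as an added example (not from the thread and not FreeIPA's shipped configuration): one extra Schema Compatibility plugin set that publishes the existing groups under a second container. The set name `org-groups` is taken from the question and the reuse of `cn=compat` as the parent of the view is an assumption; the suffix is the one used in the question.

```ldif
# Added example: an extra Schema Compatibility (slapi-nis) set.
# Assumed names: "org-groups" and cn=compat as the parent of the view.
dn: cn=org-groups,cn=Schema Compatibility,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: org-groups
# Generated entries appear as cn=<group>,cn=org-groups,cn=compat,dc=domain,dc=net
schema-compat-container-group: cn=compat,dc=domain,dc=net
schema-compat-container-rdn: cn=org-groups
# Apply access control checks to the generated entries
schema-compat-check-access: yes
# Source entries stay in IPA's flat groups container
schema-compat-search-base: cn=groups,cn=accounts,dc=domain,dc=net
schema-compat-search-filter: objectclass=posixGroup
# How each generated entry is named and which attributes it carries
schema-compat-entry-rdn: cn=%{cn}
schema-compat-entry-attribute: objectclass=posixGroup
schema-compat-entry-attribute: gidNumber=%{gidNumber}
schema-compat-entry-attribute: memberUid=%deref_r("member","uid")
```

This only adds a generated view for LDAP clients; the real group entries stay in cn=groups,cn=accounts and are still managed through IPA.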
On Thu, 07 Dec 2017, Rob Crittenden via FreeIPA-users wrote:
> You could use slapi-nis to create your own compat area and format things as you like but there is no way other than changing code to do this otherwise. The containers are defined in one place but it wouldn't surprise me if there are corner cases.
Yep. The whole of IPA is built around the idea of flat subtrees per object type, so there are no organizational containers under cn=users or cn=groups or cn=machines, etc.
I see, thanks for the information.
2017-12-07 16:52 GMT+03:00 Alexander Bokovoy <abokovoy@redhat.com>:
> Yep. The whole of IPA is built around the idea of flat subtrees per object type, so there are no organizational containers under cn=users or cn=groups or cn=machines, etc.
> --
> / Alexander Bokovoy