I see, thanks for the information.
2017-12-07 16:52 GMT+03:00 Alexander Bokovoy <abokovoy(a)redhat.com>:
On to, 07 joulu 2017, Rob Crittenden via FreeIPA-users wrote:
> Andrew Radygin via FreeIPA-users wrote:
>
>> Anyone?
>> Of course this kind R&D question, but anyway I need to know.
>>
>>
>> 2017-12-06 17:15 GMT+03:00 Andrew Radygin via FreeIPA-users
>> <freeipa-users(a)lists.fedorahosted.org
>> <mailto:freeipa-users@lists.fedorahosted.org>>:
>>
>> Hello everybody,
>>
>> I want to know, is there possibility to change default ldap scheme,
>> where user and groups are storing.
>> For instance, I have:
>>
>> cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
>> cn=GROUP-OF-USERS, cn=groups, cn=accounts, dc=domain,dc=net
>>
>> It seems to be too straightforward. Can I change it to
>> cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
>> cn=GROUP-OF-USERS, cn=org-groups, cn=accounts, dc=domain,dc=net
>>
>> ?
>>
>> Or to do any other corrections of ldap scheme for placing different
>> objects.
>>
>
> You could use slapi-nis to create your own compat area and format things
> as you like but there is no way other than changing code to do this
> otherwise. The containers are defined in one place but it wouldn't
> surprise me if there are corner cases.
>
Yep. Whole IPA is built around idea of flat subtrees per object type, so
there are no organizational containers under cn=users or cn=groups or
cn=machines, etc.
--
/ Alexander Bokovoy
--
Best regards, Andrew.