On Oct 11, 2018, at 12:51 AM, Alexander Bokovoy via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

On ke, 10 loka 2018, Perry Smith via FreeIPA-users wrote:
Two questions for this group:

1) Is there a way to get it to not look for the SRV record in the first place?

2) On a completely different topic, how do I install the “memberof” plug-in?
At least, I think that’s what I need / want.  I need to do LDAP filter for members
of a group and currently my LDAP records do not have memberof but instead have
memberUid (and that is only in compat and not in accounts)

I hope its ok to mix two questions into one email.
It would be if you'd provide more details to allow helping you. How are
you inferring that there is no 'memberof' plugin enabled? FreeIPA does
not allow to retrieve membership information for non-authenticated
connections from the primary subtree (cn=accounts,$SUFFIX). If you are
checking without authentication, that's your problem.

The DNS issue was hard to solve but I finally managed to get the bind9 and freeipa code
from ppa:freeipa/staging so the DNS is working and the ipa command line commands no
longer pause 30 seconds.

The LDAP question was solved as Alexander suggested — by authenticating first.  I’m
curious what the reason is for this?  From the compat entries, one can deduce the
members of the groups.

Thank you for your time,
Perry Smith