On to, 07 joulu 2017, Rob Crittenden via FreeIPA-users wrote:
Andrew Radygin via FreeIPA-users wrote:
> Anyone?
> Of course this kind R&D question, but anyway I need to know.
>
>
> 2017-12-06 17:15 GMT+03:00 Andrew Radygin via FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>>:
>
> Hello everybody,
>
> I want to know, is there possibility to change default ldap scheme,
> where user and groups are storing.
> For instance, I have:
>
> cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
> cn=GROUP-OF-USERS, cn=groups, cn=accounts, dc=domain,dc=net
>
> It seems to be too straightforward. Can I change it to
> cn=USER, cn=groups, cn=accounts, dc=domain,dc=net
> cn=GROUP-OF-USERS, cn=org-groups, cn=accounts, dc=domain,dc=net
>
> ?
>
> Or to do any other corrections of ldap scheme for placing different
> objects.
You could use slapi-nis to create your own compat area and format things
as you like but there is no way other than changing code to do this
otherwise. The containers are defined in one place but it wouldn't
surprise me if there are corner cases.
Yep. Whole IPA is built around idea of flat
subtrees per object type, so
there are no organizational containers under cn=users or cn=groups or
cn=machines, etc.
--
/ Alexander Bokovoy