From a656329173e62784fd43c6139d92f6b44021d1b1 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 23 May 2008 15:41:44 -0400
Subject: Now that admin is in the common users tree make the nss_ldap
 configuration look at the specific tree where users are and not search the
 full server.

---
 contrib/RHEL4/ipa-client-setup | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'contrib')

diff --git a/contrib/RHEL4/ipa-client-setup b/contrib/RHEL4/ipa-client-setup
index 26e9d84e..8e66ffdc 100644
--- a/contrib/RHEL4/ipa-client-setup
+++ b/contrib/RHEL4/ipa-client-setup
@@ -287,8 +287,8 @@ def main():
             {'name':'ldap_version', 'type':'option', 'value':'3'},
             {'name':'base', 'type':'option', 'value':ipasrv.getBaseDN()},
             {'name':'empty', 'type':'empty'},
-            {'name':'nss_base_passwd', 'type':'option', 'value':ipasrv.getBaseDN()+'?sub'},
-            {'name':'nss_base_group', 'type':'option', 'value':ipasrv.getBaseDN()+'?sub'},
+            {'name':'nss_base_passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+ipasrv.getBaseDN()+'?sub'},
+            {'name':'nss_base_group', 'type':'option', 'value':'cn=users,cn=accounts,'+ipasrv.getBaseDN()+'?sub'},
             {'name':'nss_schema', 'type':'option', 'value':'rfc2307bis'},
             {'name':'nss_map_attribute', 'type':'option', 'value':'uniqueMember member'},
             {'name':'nss_initgroups_ignoreusers', 'type':'option', 'value':'root,dirsrv'},
-- 
cgit