From 1353847e49a1cde078bb9b432cc43959b7a3ce46 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 22 Feb 2016 12:40:03 +0200 Subject: slapi-nis: update configuration to allow external members of IPA groups Currently in an environment with trust to AD the compat tree does not show AD users as members of IPA groups. The reason is that IPA groups are read directly from the IPA DS tree and external groups are not handled. slapi-nis project has added support for it in 0.55, make sure we update configuration for the group map if it exists and depend on 0.55 version. https://fedorahosted.org/freeipa/ticket/4403 Reviewed-By: Tomas Babej --- install/updates/50-externalmembers.update | 3 +++ install/updates/Makefile.am | 1 + 2 files changed, 4 insertions(+) create mode 100644 install/updates/50-externalmembers.update (limited to 'install/updates') diff --git a/install/updates/50-externalmembers.update b/install/updates/50-externalmembers.update new file mode 100644 index 000000000..6b9c5dd23 --- /dev/null +++ b/install/updates/50-externalmembers.update @@ -0,0 +1,3 @@ +dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config +addifexist: schema-compat-entry-attribute: ipaexternalmember=%deref_r("member","ipaexternalmember") +addifexist: schema-compat-entry-attribute: objectclass=ipaexternalgroup diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index b04ab48a0..3edc21473 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -45,6 +45,7 @@ app_DATA = \ 50-krbenctypes.update \ 50-nis.update \ 50-ipaconfig.update \ + 50-externalmembers.update \ 55-pbacmemberof.update \ 59-trusts-sysacount.update \ 60-trusts.update \ -- cgit