From 8f082f2d4f03b66cbd8548c0900111f8d2df799b Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 23 May 2008 15:41:44 -0400
Subject: Now that admin is in the common users tree make the nss_ldap
 configuration look at the specific tree where users are and not search the
 full server.

---
 contrib/RHEL4/ipa-client-setup            | 4 ++--
 ipa-client/ipa-install/ipa-client-install | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/contrib/RHEL4/ipa-client-setup b/contrib/RHEL4/ipa-client-setup
index 26e9d84e1..8e66ffdc8 100644
--- a/contrib/RHEL4/ipa-client-setup
+++ b/contrib/RHEL4/ipa-client-setup
@@ -287,8 +287,8 @@ def main():
             {'name':'ldap_version', 'type':'option', 'value':'3'},
             {'name':'base', 'type':'option', 'value':ipasrv.getBaseDN()},
             {'name':'empty', 'type':'empty'},
-            {'name':'nss_base_passwd', 'type':'option', 'value':ipasrv.getBaseDN()+'?sub'},
-            {'name':'nss_base_group', 'type':'option', 'value':ipasrv.getBaseDN()+'?sub'},
+            {'name':'nss_base_passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+ipasrv.getBaseDN()+'?sub'},
+            {'name':'nss_base_group', 'type':'option', 'value':'cn=users,cn=accounts,'+ipasrv.getBaseDN()+'?sub'},
             {'name':'nss_schema', 'type':'option', 'value':'rfc2307bis'},
             {'name':'nss_map_attribute', 'type':'option', 'value':'uniqueMember member'},
             {'name':'nss_initgroups_ignoreusers', 'type':'option', 'value':'root,dirsrv'},
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 17dd15a5d..b096d9b99 100644
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -232,8 +232,8 @@ def main():
             {'name':'ldap_version', 'type':'option', 'value':'3'},
             {'name':'base', 'type':'option', 'value':cli_basedn},
             {'name':'empty', 'type':'empty'},
-            {'name':'nss_base_passwd', 'type':'option', 'value':cli_basedn+'?sub'},
-            {'name':'nss_base_group', 'type':'option', 'value':cli_basedn+'?sub'},
+            {'name':'nss_base_passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+cli_basedn+'?sub'},
+            {'name':'nss_base_group', 'type':'option', 'value':'cn=groups,cn=accounts,'+cli_basedn+'?sub'},
             {'name':'nss_schema', 'type':'option', 'value':'rfc2307bis'},
             {'name':'nss_map_attribute', 'type':'option', 'value':'uniqueMember member'},
             {'name':'nss_initgroups_ignoreusers', 'type':'option', 'value':'root,dirsrv'},
-- 
cgit