Since AIX will not dereference member=uid=someone,cn=accounts,... all…

… other non primary groups get lost. In this case, using the standard 2307group.map and the compat tree for groups works as expected (all groups the user belongs to, are found). The userclasses parameter can be the default.
freeipa · Nov 5, 2024 · 482116e · 482116e
1 parent 74e9577
commit 482116e
Showing 1 changed file with 2 additions and 13 deletions.
diff --git a/src/page/ConfiguringAixClients.rst b/src/page/ConfiguringAixClients.rst
@@ -500,15 +500,6 @@ Under /etc/security/ldap create 2 new map files:
       spassword       SEC_CHAR        userpassword            s
       lastupdate      SEC_INT         shadowlastchange        s
 
-..
-
-::
-
-      #IPAgroup.map file
-      groupname       SEC_CHAR    cn                    s
-      id              SEC_INT     gidNumber             s
-      users           SEC_LIST    member                m
-
 ..
 
     | Change the /etc/security/ldap/ldap.cfg file and set the relevant options as follow.
@@ -518,12 +509,10 @@ Under /etc/security/ldap create 2 new map files:
 ::
 
    userbasedn:cn=users,cn=accounts,dc=example,dc=com
-   groupbasedn:cn=groups,cn=accounts,dc=example,dc=com
+   groupbasedn:cn=groups,cn=compat,dc=example,dc=com
 
    userattrmappath:/etc/security/ldap/IPAuser.map
-   groupattrmappath:/etc/security/ldap/IPAgroup.map
-
-   userclasses:posixaccount
+   groupattrmappath:/etc/security/ldap/2307group.map
 
 5. Start the ldap client daemon.