From c5b1437ec5ebfbecc31d21d086d48713f0620131 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Seabra Date: Mon, 4 Nov 2024 12:35:31 +0000 Subject: [PATCH] Since AIX will not dereference member=uid=someone,cn=accounts,... all other non primary groups get lost. In this case, using the standard 2307group.map and the compat tree for groups works as expected (all groups the user belongs to, are found). The userclasses parameter can be the default. --- src/page/ConfiguringAixClients.rst | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/src/page/ConfiguringAixClients.rst b/src/page/ConfiguringAixClients.rst index 434fac5d..a2808b75 100644 --- a/src/page/ConfiguringAixClients.rst +++ b/src/page/ConfiguringAixClients.rst @@ -466,15 +466,6 @@ Under /etc/security/ldap create 2 new map files: spassword SEC_CHAR userpassword s lastupdate SEC_INT shadowlastchange s -.. - -:: - - #IPAgroup.map file - groupname SEC_CHAR cn s - id SEC_INT gidNumber s - users SEC_LIST member m - .. | Change the /etc/security/ldap/ldap.cfg file and set the relevant options as follow. @@ -484,12 +475,10 @@ Under /etc/security/ldap create 2 new map files: :: userbasedn:cn=users,cn=accounts,dc=example,dc=com - groupbasedn:cn=groups,cn=accounts,dc=example,dc=com + groupbasedn:cn=groups,cn=compat,dc=example,dc=com userattrmappath:/etc/security/ldap/IPAuser.map - groupattrmappath:/etc/security/ldap/IPAgroup.map - - userclasses:posixaccount + groupattrmappath:/etc/security/ldap/2307group.map 5. Start the ldap client daemon.
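Review bot: the first hunk (@@ -466,15 +466,6 @@) deletes the IPAgroup.map listing, but the section text shown in the hunk header still reads "Under /etc/security/ldap create 2 new map files:", and neither of the patch's two insertions touches that sentence. As far as the visible lines show, only IPAuser.map is left to create, so the sentence should be updated to match. It would also help to say there that 2307group.map is the standard map and is used as-is, so readers do not go looking for a listing of it.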
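Review bot: in the ldap.cfg hunk (@@ -484,12 +475,10 @@), the reason for moving groupbasedn to cn=groups,cn=compat,dc=example,dc=com exists only in the commit message; the page itself will show userbasedn under cn=accounts and groupbasedn under cn=compat with no explanation for the mismatch. Suggest a one-line note next to the setting stating that AIX does not dereference member=uid=someone,cn=accounts,... values, so non-primary groups are lost unless the compat tree is used together with 2307group.map. The removal of userclasses:posixaccount deserves a short mention too (the default is sufficient), so that nobody re-adds it from an older copy of the page.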