Finally found a reference:
https://docs.microfocus.com/itom/Network_Node_Manager_i:10.50/Administer/...
<roleSearch>
Placeholder element to include the user role information.
<roleBase>member={1}</roleBase>
Replace member with the name of the group attribute that stores the directory service user
ID in the directory service domain.
<roleContextDN>
</roleContextDN>
Specify the portion of the directory service domain that stores group records.
The format is a comma-separated list of directory service attribute names and values. For
example:
For Microsoft Active Directory
CN=Users,DC=ldapserver,DC=mycompany,DC=com
For other LDAP technologies
ou=Groups,o=example.com
</roleSearch>
FreeIPA/IdM does not support OU's
https://pagure.io/freeipa/issue/2973
FWIW, Rob, you closed that RFE
Any suggestions other than to gripe to the other vendor ?
______________________________________________________________________________________________
Daniel E. White
daniel.e.white@nasa.gov<mailto:daniel.e.white@nasa.gov>
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290
From: Rob Crittenden <rcritten(a)redhat.com>
Date: Wednesday, December 4, 2019 at 17:55
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Daniel White <daniel.e.white(a)nasa.gov>
Subject: [EXTERNAL] Re: [Freeipa-users] Anyone using FreeIPA/IdM and MicroFocus Network
Automation ?
White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
Despite the fact that we selected "Generic LDAP" rather than "Active
Directory", it is still looking for Security Groups and Organization Units.
I've never used it and couldn't find much in their docs. Do you have
more information on what the configuration screen looks like and what
the 389-ds access log is showing?
rob