Hi Brian,

It works for me, but I have added the MUST attributes homeDirectory and uid (from posixAccount):


objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
    DESC 'Abstraction of an account with POSIX attributes'
    SUP top
    AUXILIARY
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
    MAY ( userPassword $ loginShell $ gecos $ description ) )


Your LDIF does not add those two mandatory attributes. The error message is not appropriate though...


On 04/01/2020 07:28, Brian Burch wrote:
I am currently trying to do a clean setup of a new M25 installation using and adapting the set of ldapmodify jobs I successfully used many years ago for my production M23 system (which still works fine).

I've hit quite a few issues with additional schema elements, so I decided to take it slow and easy to just get the posix stuff working first. It has been driving me pretty crazy and I really can't work out what is wrong.

Of course, I have modified:-

dn: cn=nis,ou=schema
changetype: modify
replace: m-disabled
m-disabled: FALSE

... and restarted the server. Studio confirms my change is active.


Here is the existing basic user definition (copied as ldif with studio):-

dn: uid=brian,ou=people,o=pingtoo.com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: Brian E. Burch
sn: Burch
givenname: Brian
uid: brian
userPassword:: e1NTSEF9WWsvOXZhN3ZtNkxBemhYeURmOEczNjhPSjJndGkwazNJeVphelE9P
 Q==


So now I try to make a very simple change to turn my LDAP entry into a posixUser:-

dn: uid=brian,ou=People,o=pingtoo.com
changetype: modify
replace: objectClass
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
-
add: uidNumber
uidNumber: 2000
-
add: gidNumber
gidNumber: 2000


But it fails as follows:

ldap_initialize( ldap://ldap.pingtoo.com:10389 )
replace objectClass:
    top
    person
    organizationalPerson
    inetOrgPerson
    posixAccount
add uidNumber:
    2000
add gidNumber:
    2000
modifying entry "uid=brian,ou=People,o=pingtoo.com"
ldap_modify: Object class violation (65)
    additional info: OBJECT_CLASS_VIOLATION: failed for MessageType : MODIFY_REQUEST
Message ID : 2
    Modify Request
        Object : 'uid=brian,ou=People,o=pingtoo.com'
            Modification[0]
                Operation :  replace
                Modification
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount            Modification[1]
                Operation :  add
                Modification
uidNumber: 2000            Modification[2]
                Operation :  add
                Modification
gidNumber: 2000org.apache.directory.api.ldap.model.message.ModifyRequestImpl@4477d5e7: ERR_277 Attribute gidNumber not declared in objectClasses of entry uid=brian,ou=People,o=pingtoo.com

modify ended with rc  65


So I take a look at cn=nis,ou=schema..

* the attributes m-oid 1.3.6.1.1.1.1.0 uidNumber and 1.3.6.1.1.1.1.1 gidNumber are defined.

* the objectClass m-oid 1.3.6.1.1.1.2.0 posixAccount is defined as structural, metaTop, BUT it does NOT have MAY or MUST entries for uidNumber or gidNumber!

* I have searched all the other nis objectClasses, but can't find any reference to the attributes I want to associate with my user. I can't find the less important ones either, e.g. loginShell, homeDirectory or gcos.

It has been a long time since I last did this kind of basic setup, so I accept I have probably overlooked something simple and obvious.

HOWEVER... when I look at the M23 schema, objectClass=posixAccount has MUST for uidNumber, gidNumber and homeDirectory. It also has MAY for the other attributes I want to associate with this user. Why the difference?

I would be grateful if anyone wiser could let me know how to get past this show-stopper.

Thanks...

Brian

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
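
A pre-flight check for the situation discussed in this thread, as an added example that is not part of either message and not ApacheDS code: it parses the posixAccount definition quoted in the reply, applies the modify record from the original message to the attribute names of the quoted entry, and lists the MUST attributes still missing. The helper names and the homeDirectory value /home/brian are assumptions made for illustration.

```python
import re

# posixAccount definition as quoted in the reply above.
POSIX_ACCOUNT = """objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
    DESC 'Abstraction of an account with POSIX attributes'
    SUP top
    AUXILIARY
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
    MAY ( userPassword $ loginShell $ gecos $ description ) )"""

# Attribute names present on the entry quoted in the original message.
ENTRY = ["objectclass", "cn", "sn", "givenname", "uid", "userPassword"]

# The modify record from the original message.
MODIFY = """dn: uid=brian,ou=People,o=pingtoo.com
changetype: modify
replace: objectClass
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
-
add: uidNumber
uidNumber: 2000
-
add: gidNumber
gidNumber: 2000"""

def attr_list(definition, keyword):
    """Lower-cased attribute names listed after MUST or MAY."""
    bare = re.sub(r"'[^']*'", "", definition)  # drop quoted NAME/DESC text
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w;-]+))" % keyword, bare)
    body = (m.group(1) or m.group(2)) if m else ""
    return {a.strip().lower() for a in body.split("$") if a.strip()}

def apply_modify(entry_attrs, ldif):
    """Attribute names the entry would hold after one LDIF modify record."""
    attrs = {a.lower() for a in entry_attrs}
    for block in re.split(r"(?m)^-[ \t]*$", ldif):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        for i, line in enumerate(lines):
            op, _, name = line.partition(":")
            if op not in ("add", "replace", "delete"):
                continue  # dn: and changetype: lines
            name, has_values = name.strip().lower(), len(lines) > i + 1
            if op == "add" or (op == "replace" and has_values):
                attrs.add(name)
            elif not has_values:  # replace/delete without values drops it
                attrs.discard(name)
            break
    return attrs

def missing_must(definition, attrs):
    return sorted(attr_list(definition, "MUST") - attrs)
```

Appending a further "-" separated "add: homeDirectory" operation to the record makes the list come back empty, while the record as posted leaves homeDirectory missing.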

