On Thursday, 18 August 2011 11:26:33 Olivier wrote:
> Dmitriy Kirhlarov <[email protected]>:
> > What a reason for split user account data to two objects?
>
> Good question, thanks Dimitry !
>
> Here is the problem I had when I tried to merge all info in the same object :
>
> $ ldapadd -x -D "cn=Manager,dc=example,dc=fr" -w secret -H ldap://ldap-master1example.fr -f person.ldif
>
> adding new entry "uid=olivier,ou=staff,ou=people,dc=example,dc=fr"
> ldap_add: Object class violation (65)
>     additional info: invalid structural object class chain (inetOrgPerson/account)
>
> $ cat person.ldif
>
> dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr
> uid: olivier
> uidnumber: 1222
> sn: olivier
> cn: Olivier Doe
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectclass: account
> objectclass: posixAccount
> objectclass: shadowAccount
> gidnumber: 18004
> homedirectory: /home/olivier
> loginshell: /bin/tcsh
> userpassword: {SSHA}ttiFPj/uYlfSACRO2Gr/R0y9nzRHiMBW
>
>
> If I don't use the "objectclass: account" it works.

Use hostObject from ldapns.schema, shipped with pam_ldap.

http://svnweb.mageia.org/packages/cauldron/openldap-extra-schemas/current/SOURCES/ldapns.schema?view=markup

or

http://svnweb.mageia.org/packages/cauldron/openldap-extra-schemas/current/SOURCES/ldapns.ldif?view=markup

Regards,
Buchan
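
Added example, not part of the original messages: a simplified Python model of the structural object class chain check behind the error above, showing why adding account to an inetOrgPerson entry is rejected while the auxiliary hostObject is accepted. The schema table is hand-written from the standard core, cosine, inetorgperson, nis and ldapns definitions, and the host value is constructed.

```python
# Kind and superior (SUP) of each object class used in this thread.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),
    "posixaccount": ("AUXILIARY", "top"),
    "shadowaccount": ("AUXILIARY", "top"),
    "hostobject": ("AUXILIARY", "top"),
}

def ancestors(cls):
    """Return cls followed by all of its superiors, walking SUP up to top."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = SCHEMA[cls][1]
    return chain

def object_classes(ldif):
    """Collect objectClass values (attribute names are case-insensitive)."""
    out = []
    for line in ldif.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "objectclass":
            out.append(value.strip().lower())
    return out

def structural_conflict(ldif):
    """Return None if the structural classes form one chain, else the clashing pair."""
    structural = [c for c in object_classes(ldif) if SCHEMA[c][0] == "STRUCTURAL"]
    # The most specific structural class has the longest superior chain.
    leaf = max(structural, key=lambda c: len(ancestors(c)))
    for c in structural:
        if c not in ancestors(leaf):
            return (leaf, c)
    return None

# Constructed entries modelled on the person.ldif quoted above.
BASE = "dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr\n" + "".join(
    f"objectClass: {c}\n" for c in
    ("top", "person", "organizationalPerson", "inetOrgPerson",
     "posixAccount", "shadowAccount"))
WITH_ACCOUNT = BASE + "objectclass: account\n"
WITH_HOSTOBJECT = BASE + "objectclass: hostObject\nhost: server1.example.fr\n"
```

structural_conflict(WITH_ACCOUNT) reports the same inetOrgPerson/account pair as the ldapadd error, because account is a second structural class outside the person chain; WITH_HOSTOBJECT passes because auxiliary classes do not take part in the chain.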
