In addition to giving cleanup examples, I believe that it is important to
explain some of the reasons for including certain object classes from the
schemas found in the /etc/ldap/schema directory. For example, in Item #4,
Populating LDAP with the John Doe example, it should be explained that there are
AUXILIARY and STRUCTURAL object classes in the schema. The posixAccount and
shadowAccount are AUXILIARY object classes defined in the nis.schema; the
inetOrgPerson is a required STRUCTURAL object class defined in . Schema MUST
and MAY items should be explained in inetorgperson.schema. If you try to use
an AUXILIARY object class like posixAccount, without a STRUCTURAL object class
like inetOrgPerson, you'll get the following error:
<pre>
ldap_add: Object class violation (65)
additional info: no structural object class provided
</pre>
The inetOrgPerson object class is derived from organizationalPerson, which is
derived from person, both of which are found in the core.schema file. So,
following the MUST and MAY of these object classes, person MUST have sn
(surname) and cn (common name) defined. I hope that someone gets something out
of this:
<pre>
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
# inetOrgPerson -> organizationalPerson -> person
# person must sn cn
sn: Doe
cn: John Doe
# uid is the naming attribute in the dn, so it must also appear in the entry
uid: jdoe
</pre>
Then, you add in the AUXILIARY object class posixAccount:
<pre>
objectClass: posixAccount
# posixAccount must cn (above) uid (above) uidNumber gidNumber homeDirectory
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/jdoe
# posixAccount may userPassword loginShell gecos description
#userPassword: jdoe1
#loginShell: /bin/bash
#gecos: John Doe
#description:
</pre>
Then, you add in the AUXILIARY object class shadowAccount:
<pre>
objectClass: shadowAccount
# shadowAccount must uid (above)
# shadowAccount may userPassword (above) shadowLastChange shadowMin shadowMax
# shadowWarning shadowInactive shadowExpire shadowFlag description (above)
shadowLastChange: 10877
shadowMin: 8
shadowMax: 999999
shadowWarning: 7
#shadowInactive:
shadowExpire: -1
shadowFlag: 0
</pre>
Then, you use the STRUCTURAL object class for posixGroup:
<pre>
dn: cn=jdoe,ou=groups,dc=example,dc=com
objectClass: posixGroup
# posixGroup must cn (above) gidNumber
cn: jdoe
gidNumber: 1000
</pre>
--
OpenLDAP Server should demonstrate ldapdelete cleanup commands for example
ldapadd commands
https://bugs.launchpad.net/bugs/473921
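The STRUCTURAL/AUXILIARY and MUST rules described in the comment above, as an added example that is not part of the original bug comment or of OpenLDAP: a small Python check that reports why an entry would be rejected. The `SCHEMA` table holds only the classes and MUST lists named above, and all function and variable names are hypothetical.

```python
# Added example: subset of core/inetorgperson/nis schema; MAY is not checked.
SCHEMA = {  # name: (kind, superior class, MUST attributes)
    "person": ("STRUCTURAL", None, ["sn", "cn"]),
    "organizationalPerson": ("STRUCTURAL", "person", []),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson", []),
    "posixAccount": ("AUXILIARY", None,
                     ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"]),
    "shadowAccount": ("AUXILIARY", None, ["uid"]),
    "posixGroup": ("STRUCTURAL", None, ["cn", "gidNumber"]),
}
BY_NAME = {name.lower(): name for name in SCHEMA}  # LDAP names ignore case

def parse_entry(ldif):
    """Return {lowercased attribute: [values]} for one LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):  # skip blanks, comments
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def check_entry(ldif):
    """List the object class violations in one entry, in a stable order."""
    attrs = parse_entry(ldif)
    problems, required, structural = [], [], False
    for given in attrs.get("objectclass", []):
        name = BY_NAME.get(given.lower())
        if name is None:
            problems.append(f"unknown object class {given}")
        while name:  # walk up the superior chain collecting MUST attributes
            kind, superior, must = SCHEMA[name]
            structural = structural or kind == "STRUCTURAL"
            required += [a for a in must if a not in required]
            name = superior
    if not structural:
        problems.append("no structural object class provided")
    problems += [f"missing MUST attribute {a}" for a in required
                 if a.lower() not in attrs]
    return problems

# Constructed sample entries (not from a real directory).
AUX_ONLY = """dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: posixAccount
cn: John Doe
uid: jdoe
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/jdoe"""
FIXED = AUX_ONLY + "\nobjectClass: inetOrgPerson"  # sn still missing
```

`check_entry(AUX_ONLY)` reports the missing structural class; adding inetOrgPerson then surfaces the `sn` that person requires through the inheritance chain.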