On Thursday, 18 August 2011 11:26:33 Olivier wrote:
Dmitriy Kirhlarov dimma@higis.ru:
What is the reason for splitting user account data into two objects?
Good question, thanks Dmitriy!
Here is the problem I had when I tried to merge all info in the same object:
$ ldapadd -x -D "cn=Manager,dc=example,dc=fr" -w secret -H ldap://ldap-master1example.fr -f person.ldif
adding new entry "uid=olivier,ou=staff,ou=people,dc=example,dc=fr"
ldap_add: Object class violation (65)
        additional info: invalid structural object class chain (inetOrgPerson/account)
$ cat person.ldif
dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr
uid: olivier
uidnumber: 1222
sn: olivier
cn: Olivier Doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
gidnumber: 18004
homedirectory: /home/olivier
loginshell: /bin/tcsh
userpassword: {SSHA}ttiFPj/uYlfSACRO2Gr/R0y9nzRHiMBW
If I don't use the "objectclass: account" it works.
Use hostObject from ldapns.schema, shipped with pam_ldap.
http://svnweb.mageia.org/packages/cauldron/openldap-extra-schemas/current/SOURCES/ldapns.schema?view=markup
or
http://svnweb.mageia.org/packages/cauldron/openldap-extra-schemas/current/SOURCES/ldapns.ldif?view=markup
Regards, Buchan
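
An added example, not part of the original thread: a small Python check that reproduces the rule behind the "invalid structural object class chain" error and shows why swapping account for hostObject passes. The class kinds and superiors in SCHEMA are assumed from the standard core, cosine, inetorgperson, nis and ldapns schema files; the host value in FIXED is constructed.

```python
# Only the classes used in this thread are listed: name -> (kind, superior).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),      # cosine: structural, not under person
    "posixaccount": ("AUXILIARY", "top"),
    "shadowaccount": ("AUXILIARY", "top"),
    "hostobject": ("AUXILIARY", "top"),    # ldapns: auxiliary, carries 'host'
}

def object_classes(ldif):
    """Return the lower-cased objectClass values of a single LDIF entry."""
    found = []
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "objectclass":
            found.append(value.strip().lower())
    return found

def ancestors(cls):
    """Return cls followed by its superiors up to top."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = SCHEMA[cls][1]   # KeyError for a class missing from SCHEMA
    return chain

def structural_chain_error(ldif):
    """Return None if all structural classes lie on one superior chain,
    otherwise the (most specific class, conflicting class) pair."""
    structural = [c for c in object_classes(ldif) if SCHEMA[c][0] == "STRUCTURAL"]
    if not structural:
        return None
    structural.sort(key=lambda c: len(ancestors(c)), reverse=True)
    leaf = structural[0]
    for cls in structural[1:]:
        if cls not in ancestors(leaf):
            return (leaf, cls)
    return None

# Constructed sample entries: object classes from the thread, other attributes omitted.
COMMON = ("dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr\n"
          "objectClass: top\nobjectClass: person\n"
          "objectClass: organizationalPerson\nobjectClass: inetOrgPerson\n"
          "objectclass: posixAccount\nobjectclass: shadowAccount\n")
BROKEN = COMMON + "objectclass: account\n"
FIXED = COMMON + "objectclass: hostObject\nhost: server1.example.fr\n"
```
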