Hi,
OS: Linux Redhat x86_64 OpenLdap 2.3.27
I am trying to add an objectclass sambaSamAccount to my ou=People. My goal would be to have both samba and posix account for each user.
I have included the samba schema to the slapd.conf file.
I tried adding this to a file and running ldapadd:

dn: uid=laurence, ou=People,dc=istraresearch,dc=com
sambaLogonTime: 0
displayName: Laurence Mayer
sambaLMPassword: xxxxx
sambaPrimaryGroupSID: S-1-5-21-2447931902-1787058256-3961074038-1201
objectClass: sambaSamAccount
sambaAcctFlags: [UX ]
gidNumber: 100
sambaKickoffTime: 2147483647
sambaPwdLastSet: 1010179230
sambaSID: S-1-5-21-2447931902-1787058256-3961074038-5004
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaNTPassword: xxxx

However I received the error:

adding new entry "uid=laurence, ou=People,dc=istraresearch,dc=com"
ldap_add: Internal (implementation specific) error (80)
        additional info: no structuralObjectClass operational attribute

Please can you tell me what I need to do to achieve this.
Thanks in advance
Laurence
Hi Laurence,
What does your slapd.conf file look like? You are probably not including the proper samba schema file.
Scott
Hi Scott, See below.
Thanks Laurence

[root@fs1 ldap]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
#modulepath /usr/lib64/openldap
#moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read

access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=istraresearch,dc=com"
rootdn "cn=xxxxx,dc=istraresearch,dc=com"
rootpw xxxxxxx
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/sldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

Laurence Mayer wrote:
> I am trying to add an objectclass sambaSamAccount to my ou=People. My goal would be to have both samba and posix account for each user.
> [..]
> objectClass: sambaSamAccount
> [..]
> However I received the error:
> adding new entry "uid=laurence, ou=People,dc=istraresearch,dc=com"
> ldap_add: Internal (implementation specific) error (80)
>         additional info: no structuralObjectClass operational attribute

Every LDAP entry needs at least one STRUCTURAL object class and can have zero or multiple AUXILIARY object classes. sambaSamAccount is an AUXILIARY object class. So you have to add at least one other STRUCTURAL object class which suits your needs, e.g. 'inetOrgPerson' or 'account'.

You could try:

dn: uid=laurence, ou=People,dc=istraresearch,dc=com
[..]
objectClass: account
objectClass: sambaSamAccount
objectClass: posixAccount
[..]

Leading to additional MUST attributes of course.

Ciao, Michael.
OK, got past that.

I would now like to enable passdb backend = ldapsam:ldap://ldap.example.com

Each time I add this to the smb.conf file, smb does not restart and I get the following error in my smb.log file.

[2008/09/02 19:01:37, 0] smbd/server.c:main(948)
  smbd version 3.0.28-1.el5_2.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2008/09/02 19:01:37, 0] services/services_db.c:svcctl_init_keys(420)
  svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2008/09/02 19:01:37, 0] smbd/server.c:main(1063)
  ERROR: failed to setup guest info.

I am not sure what the ACCESS_DENIED is referring to. I have run smbpasswd -w xxxxx
and restarted both ldap and smb, same result.
What else needs to be done?
Thanks
On Tuesday 02 September 2008 15:47:53 Laurence Mayer wrote:
> Hi,
> OS: Linux Redhat x86_64 OpenLdap 2.3.27

Add the EPEL repository, and 'yum install smbldap-tools'.

> I am trying to add an objectclass sambaSamAccount to my ou=People. My goal would be to have both samba and posix account for each user.

In most cases, the Posix attributes are a requirement in any case ...

> I have included the samba schema to the slapd.conf file.
> I tried adding this to a file and running ldapadd:
>
> dn: uid=laurence, ou=People,dc=istraresearch,dc=com
> sambaLogonTime: 0
> displayName: Laurence Mayer
> sambaLMPassword: xxxxx
> sambaPrimaryGroupSID: S-1-5-21-2447931902-1787058256-3961074038-1201
> objectClass: sambaSamAccount
> sambaAcctFlags: [UX ]
> gidNumber: 100
> sambaKickoffTime: 2147483647
> sambaPwdLastSet: 1010179230
> sambaSID: S-1-5-21-2447931902-1787058256-3961074038-5004
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaNTPassword: xxxx

You really shouldn't be typing so much in manually ....

> However I received the error:
> adding new entry "uid=laurence, ou=People,dc=istraresearch,dc=com"
> ldap_add: Internal (implementation specific) error (80)
>         additional info: no structuralObjectClass operational attribute

You only have one objectclass in the entry above, and it is not a structural objectclass, but an auxiliary one. You should add a structural objectclass

The conventional one (and that used by smbldap-tools) is inetOrgPerson.

Regards, Buchan
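
The structural/auxiliary rule from Michael's and Buchan's replies, as a pre-flight check run on an LDIF entry before ldapadd. This is an added example, not code from the thread or from OpenLDAP; the SCHEMA table is a hand-copied subset of the cosine, inetorgperson, nis and samba schema files, and the uidNumber and homeDirectory values are constructed.

```python
# Added example: check an LDIF entry's objectClass set before running ldapadd.
# SCHEMA is an assumed, hand-copied subset: name -> (kind, MUST attributes,
# including those inherited from superior classes). Names are lowercased.
SCHEMA = {
    "account":         ("STRUCTURAL", {"uid"}),
    "inetorgperson":   ("STRUCTURAL", {"cn", "sn"}),
    "posixaccount":    ("AUXILIARY", {"cn", "uid", "uidnumber", "gidnumber",
                                      "homedirectory"}),
    "sambasamaccount": ("AUXILIARY", {"uid", "sambasid"}),
}

def parse_entry(ldif):
    """Parse one plain (non-base64, unfolded) LDIF entry into (dn, attrs)."""
    dn, attrs = None, {}
    for line in ldif.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def check_entry(ldif):
    """Return the schema problems found in the entry (empty list if none)."""
    _dn, attrs = parse_entry(ldif)
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    problems = [f"unknown objectClass {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    if not any(SCHEMA[c][0] == "STRUCTURAL" for c in known):
        problems.append("no STRUCTURAL objectClass")
    for c in known:
        for attr in sorted(SCHEMA[c][1] - set(attrs)):
            problems.append(f"{c} MUST have {attr}")
    return problems

# The entry from the original post, abridged; password hashes stay redacted.
FAILING = """dn: uid=laurence, ou=People,dc=istraresearch,dc=com
displayName: Laurence Mayer
objectClass: sambaSamAccount
sambaAcctFlags: [UX ]
gidNumber: 100
sambaSID: S-1-5-21-2447931902-1787058256-3961074038-5004
sambaNTPassword: xxxx
"""
# Constructed fix: a structural class plus the MUST attributes it brings in.
FIXED = FAILING + ("objectClass: account\nobjectClass: posixAccount\n"
                   "uid: laurence\ncn: Laurence Mayer\n"
                   "uidNumber: 5004\nhomeDirectory: /home/laurence\n")

if __name__ == "__main__":
    print(check_entry(FAILING))
    print(check_entry(FIXED))
```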
Anyone see this before while trying to cpan install Unicode::MapUTF8?
I cannot use the smbldap without it
Thanks

t/unistr......ok
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/map8.t 0 11 ?? ?? % ??
Failed 1/4 test scripts, 75.00% okay. 0/6 subtests failed, 100.00% okay.
make: *** [test_dynamic] Error 255
/usr/bin/make test -- NOT OK
Running make install
make test had returned bad status, won't install without force
Running make for S/SN/SNOWHARE/Unicode-MapUTF8-1.11.tar.gz
Is already unwrapped into directory /root/.cpan/build/Unicode-MapUTF8-1.11

CPAN.pm: Going to build S/SN/SNOWHARE/Unicode-MapUTF8-1.11.tar.gz

cp lib/Unicode/MapUTF8.pod blib/lib/Unicode/MapUTF8.pod
cp lib/Unicode/MapUTF8.pm blib/lib/Unicode/MapUTF8.pm
Manifying blib/man3/Unicode::MapUTF8.3pm
/usr/bin/make -- OK
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01_unicode_maputf8....Can't locate Unicode/Map8.pm in @INC (@INC contains: ./blib ../blib ../lib ./lib /root/.cpan/build/Unicode-MapUTF8-1.11/blib/lib /root/.cpan/build/Unicode-MapUTF8-1.11/blib/arch /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib64/perl5/site_perl/5.8.7/x86_64-linux-thread-multi /usr/lib64/perl5/site_perl/5.8.6/x86_64-linux-thread-multi /usr/lib64/perl5/site_perl/5.8.5/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.8.7/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.8.6/x86_64-linux-thread-multi /usr/lib64/perl5/vendor_perl/5.8.5/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at lib/Unicode/MapUTF8.pm line 7.
BEGIN failed--compilation aborted at lib/Unicode/MapUTF8.pm line 7.
Compilation failed in require at t/01_unicode_maputf8.t line 6.
BEGIN failed--compilation aborted at t/01_unicode_maputf8.t line 6.
t/01_unicode_maputf8....dubious
        Test returned status 2 (wstat 512, 0x200)
t/97_distribution.......skipped
        all skipped: Test::Distribution not installed
t/98_pod_coverage.......skipped
        all skipped: Test::Pod::Coverage 1.06 required for testing POD coverage
t/99_pod................ok
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/01_unicode_maputf8.t 2 512 ?? ?? % ??
2 tests skipped.
Failed 1/4 test scripts, 75.00% okay. 0/2 subtests failed, 100.00% okay.
make: *** [test_dynamic] Error 255
/usr/bin/make test -- NOT OK
Running make install
make test had returned bad status, won't install without force

On Wednesday 03 September 2008 17:39:50 Laurence Mayer wrote:
> Anyone see this before while trying to cpan install Unicode::MapUTF8?

I take it then that you didn't read the first line of my reply?

http://mirrors.telkomsa.net/pub/linux/fedora/epel/5Server/i386/smbldap-tools-0.9.4-1.el5.noarch.rpm
http://mirrors.telkomsa.net/pub/linux/fedora/epel/5Server/i386/perl-Unicode-MapUTF8-1.11-7.el5.noarch.rpm

Yes I did read the first line.
I tried this and after downloading the MapUTF8 I get failed dependencies (rpm -hiv perl-Unicode-MapUTF8-1.11-7.el5.noarch.rpm)

warning: perl-Unicode-MapUTF8-1.11-7.el5.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 217521f6
error: Failed dependencies:
        perl(Jcode) is needed by perl-Unicode-MapUTF8-1.11-7.el5.noarch
        perl(Unicode::Map) is needed by perl-Unicode-MapUTF8-1.11-7.el5.noarch
        perl(Unicode::Map8) is needed by perl-Unicode-MapUTF8-1.11-7.el5.noarch
        perl(Unicode::String) is needed by perl-Unicode-MapUTF8-1.11-7.el5.noarch

I then tried cpan install etc and I get the same error as below.
So I am stuck.
Note: I am on RH x86_64
Thanks Laurence
On Wednesday 03 September 2008 18:12:53 Laurence Mayer wrote:
> Yes I did read the first line.
> I tried this and after downloading the MapUTF8 I get failed dependencies (rpm -hiv perl-Unicode-MapUTF8-1.11-7.el5.noarch.rpm)

But, if you had added the repo to yum instead, yum would have found the package that provides the missing dependencies, downloaded them for you, and installed them.

> So I am stuck.
> Note: I am on RH x86_64

I have at least one box running RHEL5 x86_64 on which 'yum install smbldap-tools' just worked.

Regards, Buchan
Thanks
resolved the installation problem.
openldap-technical@openldap.org