I’m running into an issue with adding users to LDAP, when I use the following LDIF
dn: mail=jsmith,ou=customers,dc=mydeqcust,dc=org
cn: John Smith
sn: Smith
uid: jsmith
mail: jsmith@dev.local
objectClass: inetOrgPerson
mail: jsmith
it adds fine, however does not show any attributes from OrganizationalPerson or Person. I checked in the slapd.d schema files and all the objectClasses have the correct SUP records. My understanding from the docs at http://www.zytrax.com/books/ldap/apa/ldif-objects.html was that openldap will include the inherited items automatically. I’m running slapd 2.4.39 with the slapd.d config style. Is there an additional option I need to configure?
Matthew Marshall Network/Systems Engineer 602-771-4637 Matthew.Marshall@azdeq.gov
********************************************************************** NOTICE: This e-mail (and any attachments) may contain PRIVILEGED OR CONFIDENTIAL information and is intended only for the use of the specific individual(s) to whom it is addressed. It may contain information that is privileged and confidential under state and federal law. This information may be used or disclosed only in accordance with law, and you may be subject to penalties under law for improper use or further disclosure of the information in this e-mail and its attachments. If you have received this e-mail in error, please immediately notify the person named above by reply e-mail, and then delete the original e-mail. Thank you.
Matthew W. Marshall wrote:
I’m running into an issue with adding users to LDAP, when I use the following LDIF
dn: mail=jsmith,ou=customers,dc=mydeqcust,dc=org
cn: John Smith
sn: Smith
uid: jsmith
mail: jsmith@dev.local
objectClass: inetOrgPerson
mail: jsmith
it adds fine, however does not show any attributes from OrganizationalPerson or Person.
Could you please elaborate on what "does not show any attributes from OrganizationalPerson or Person" really means? Indeed OpenLDAP does not automagically add the superior object classes to attribute 'objectClass'.
But if adding the entry above worked then inheritance worked correctly (e.g. because of 'cn' and 'sn') and there is no bug.
Without seeing more of your config (e.g. ACLs) and more client details I cannot see any reason why it's not working in your case.
Do you have any ACLs with attrs=@person or similar?
Ciao, Michael.
On Tue, 10 Feb 2015 17:18:10 +0000, "Matthew W. Marshall" Marshall.Matthew@azdeq.gov wrote:
I’m running into an issue with adding users to LDAP, when I use the following LDIF
dn: mail=jsmith,ou=customers,dc=mydeqcust,dc=org
cn: John Smith
sn: Smith
uid: jsmith
mail: jsmith@dev.local
objectClass: inetOrgPerson
mail: jsmith
it adds fine, however does not show any attributes from OrganizationalPerson or Person. I checked in the slapd.d schema files and all the objectClasses have the correct SUP records. My understanding from the docs at http://www.zytrax.com/books/ldap/apa/ldif-objects.html was that openldap will include the inherited items automatically. I’m running slapd 2.4.39 with the slapd.d config style. Is there an additional option I need to configure?
[...]
attribute types cn and sn are required by object class person, uid and mail are requested by object class inetOrgPerson. What else do you expect?
-Dieter
On Feb 11, 2015, at 4:11 AM, Dieter Klünter dieter@dkluenter.de wrote:
On Tue, 10 Feb 2015 17:18:10 +0000, "Matthew W. Marshall" Marshall.Matthew@azdeq.gov wrote:
I’m running into an issue with adding users to LDAP, when I use the following LDIF
dn: mail=jsmith,ou=customers,dc=mydeqcust,dc=org
cn: John Smith
sn: Smith
uid: jsmith
mail: jsmith@dev.local
objectClass: inetOrgPerson
mail: jsmith
it adds fine, however does not show any attributes from OrganizationalPerson or Person. I checked in the slapd.d schema files and all the objectClasses have the correct SUP records. My understanding from the docs at http://www.zytrax.com/books/ldap/apa/ldif-objects.html was that openldap will include the inherited items automatically. I’m running slapd 2.4.39 with the slapd.d config style. Is there an additional option I need to configure?
[...]
attribute types cn and sn are required by object class person, uid and mail are requested by object class inetOrgPerson. What else do you expect?
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42”E
It looks like it is working as expected, the tool I was using (jxplorer) wasn’t showing the other attributes, however if I add them to an ldif file it does work with ldapadd. After reading some more of the docs, it looks like jxplorer retrieves the list of oc’s from ldap, which if only one was specified only returns one. That’s why I wasn’t seeing the additional attributes in it. The issue originally arose because our devs were using attributes like drink that were not part of inetorgperson, and my attempt to recreate was flawed. Sorry about that, but thank you for the quick response.
On a related note, is there a good guide for adding object classes to an OLC configuration? I’m running into some issues, but am sure I’m doing it completely wrong.
Matthew Marshall Network/Systems Engineer 602-771-4637 Matthew.Marshall@azdeq.gov
Matthew W. Marshall wrote:
It looks like it is working as expected, the tool I was using (jxplorer) wasn’t showing the other attributes,
Schema support in jxplorer is known to be insufficient/flawed. Use an LDAP client with decent schema support.
My web2ldap is the only LDAP client with really *complete* schema support. All others have some small or bigger deficiencies.
Ciao, Michael.
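Added example (not part of the thread, and not code from OpenLDAP or any client named in it): the sketch below resolves the SUP chain for the entry from the original post. It shows which attributes the entry may carry although objectClass lists only inetOrgPerson, and that drink is not among them. The schema strings are constructed, abridged copies of the standard definitions, the helper names are hypothetical, and attribute names are compared literally (aliases are not resolved).

```python
import re

# Constructed, abridged copies of the standard definitions (MAY lists shortened).
SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
    "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL "
    "MAY ( title $ street $ postalCode $ ou $ st $ l ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson "
    "STRUCTURAL MAY ( displayName $ givenName $ mail $ mobile $ uid ) )",
]
# The entry from the original post, attribute names lower-cased.
ENTRY = {"objectclass": ["inetOrgPerson"], "cn": ["John Smith"], "sn": ["Smith"],
         "uid": ["jsmith"], "mail": ["jsmith@dev.local", "jsmith"]}

def _names(defn, keyword):
    """Names after SUP/MUST/MAY: either a bare word or a '( a $ b )' list."""
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w-]+))", defn)
    return [n.strip().lower() for n in (m.group(1) or m.group(2)).split("$")] if m else []

def parse_schema(definitions):
    """Map each lower-cased class name to its SUP, MUST and MAY name lists."""
    classes = {}
    for d in definitions:
        name = re.search(r"NAME\s+'([^']+)'", d).group(1).lower()
        classes[name] = {k: _names(d, k) for k in ("SUP", "MUST", "MAY")}
    return classes

def effective(classes, listed):
    """Follow SUP from the listed objectClass values; return (chain, must, may)."""
    chain, must, may, todo = [], set(), set(), [c.lower() for c in listed]
    while todo:
        oc = todo.pop(0)
        if oc in chain:
            continue
        chain.append(oc)
        must.update(classes[oc]["MUST"])
        may.update(classes[oc]["MAY"])
        todo.extend(classes[oc]["SUP"])
    return chain, must, may - must

def check_entry(classes, entry):
    """Return (missing MUST attributes, attributes no class in the chain allows)."""
    _, must, may = effective(classes, entry["objectclass"])
    return sorted(must - set(entry)), sorted(set(entry) - must - may)

if __name__ == "__main__":
    classes = parse_schema(SCHEMA)
    print(effective(classes, ENTRY["objectclass"])[0])
    print(check_entry(classes, {**ENTRY, "drink": ["tea"]}))
```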
openldap-technical@openldap.org