[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: More LdapADD Problem
Oops, I replied to the sender instead of the mailing list.
>
>
> The objectClass is inetLocalMailRecipient, not mailRecipient.
> Also, don't add rfc822-MailMember, as that has conflicting
> entries with misc.schema. If you need some of the entries
> (although with the misc.schema I can't see why) add them to a
> custom schema (local.schema?) and add that to your
> slapd.conf. Change the objectClass, and you should be good
> to go. Another thing: if you are using Kerberos
> authentication, the password should be
> {KERBEROS}username@REALM (ex: {KERBEROS}user1@MYREALM.COM).
>
> >
> > I can add:
> > dn: dc=example,dc=com
> > objectclass: dcObject
> > objectclass: organization
> > o: Example Corp.
> > dc: example
> >
> > dn: cn=Manager,dc=example,dc=com
> > objectclass: organizationalRole
> > cn: Manager
> >
> > I was told the prior entry is required. Now, to add the entry
> > below (I
> > have about 15,000), what do to create? I am getting error:
> > adding new entry "uid=myself,ou=People,dc=example,dc=com"
> > ldap_add: Object class violation
> > additional info: unrecognized objectClass 'mailRecipient'
> >
> >
> > I cannot add:
> > dn: uid=myself,ou=People,dc=example,dc=com
> > uid: myself
> > cn: Myself Me
> > givenname: Myself
> > sn: Me
> > mail: myself@mail.example.com
> > mailRoutingAddress: myself@mail.exmaple.com
> > mailHost: mail.example.com
> > objectClass: mailRecipient
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: account
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: kerberosSecurityObject
> > objectClass: shadowAccount
> > userPassword: {crypt}$1$AQusKHVT$oWEzfy9MfXhdu4eGQIUN.1
> > shadowLastChange: 11560
> > shadowMin: -1
> > shadowMax: 99999
> > shadowWarning: -1
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 140354788
> > krbname: myself@MAIL.EXAMPLE.COM
> > loginShell: /bin/bash
> > uidNumber: 500
> > gidNumber: 500
> > homeDirectory: /home/shonnedb
> > gecos: Shonne Beavers
> >
> > ==== slapd.conf ====
> > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27
> > 20:00:31 kurt Exp $
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/misc.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/redhat/rfc822-MailMember.schema
> > include /etc/openldap/schema/redhat/autofs.schema
> > include /etc/openldap/schema/redhat/kerberosobject.schema
> >
> > # Define global ACLs to disable default read access.
> >
> > # Do not enable referrals until AFTER you have a working directory
> > # service AND an understanding of referrals.
> > # referral ldap://root.openldap.org
> >
> > pidfile /var/run/slapd.pid
> > argsfile /var/run/slapd.args
> >
> > # Create a replication log in /var/lib/ldap for use by slurpd.
> > #i replogfile /var/lib/ldap/master-slapd.replog
> >
> > # Load dynamic backend modules:
> > # modulepath /usr/sbin/openldap
> > # moduleload back_ldap.la
> > # moduleload back_ldbm.la
> > # moduleload back_passwd.la
> > # moduleload back_shell.la
> >
> > #
> > # The next two lines allow use of TLS for connections using a dummy
> > test
> > # certificate, but you should generate a proper certificate
> > by changing
> > to
> > # /usr/share/ssl/certs, running "make slapd.pem", and fixing
> > permissions
> > on
> > # slapd.pem so that the ldap user or group can read it.
> > # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> > # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> > #
> >
> >
> >
> > # Sample Access Control
> > # Allow read access of root DSE
> > # Allow self write access
> > # Allow authenticated users read access
> > # Allow anonymous users to authenticate
> > #
> > access to dn="" by * read
> >
> > access to attr=userpasswd
> > by self write
> > by anonymous auth
> > by dn="cn=Manager,dc=example,com" write
> > by * none
> >
> > access to *
> > by self write
> > by users read
> > by anonymous auth
> >
> > # if no access controls are present, the default is:
> > # Allow read by all
> > #
> > # rootdn can always write!
> >
> > ##############################################################
> > #########
> > # ldbm database definitions
> > ##############################################################
> > #########
> >
> > database ldbm
> > suffix "dc=example,dc=com"
> > #suffix "o=My Organization Name,c=US"
> > rootdn "cn=Manager,dc=example,dc=com"
> > #rootdn "cn=Manager,o=My Organization Name,c=US"
> >
> >
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> > rootpw secret1
> > # rootpw {crypt}ijFYNcSNctBYg
> > # The database directory MUST exist prior to running slapd AND
> > # should only be accessible by the slapd/tools. Mode 700
> recommended.
> > directory /var/lib/ldap
> >
> > # Indices to maintain
> > index objectClass,uid,uidNumber,gidNumber,memberUid
> > pres,eq
> > index cn,mail,surname,givenname
> > pres,eq,subinitial
> >
> > # Replicas to which we should propagate changes
> > #replica host=ldap-1.example.com:389 tls=yes
> > # bindmethod=sasl saslmech=GSSAPI
> > # authcId=host/ldap-master.example.com@EXAMPLE.
> >
> >
> >
>