[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: More LdapADD Problem



Oops, I replied to the sender instead of the mailing list.
> 
> 
> The objectClass is inetLocalMailRecipient, not mailRecipient. 
>  Also, don't add rfc822-MailMember, as that has conflicting 
> entries with misc.schema.  If you need some of the entries 
> (although with the misc.schema I can't see why) add them to a 
> custom schema (local.schema?) and add that to your 
> slapd.conf.  Change the objectClass, and you should be good 
> to go.  Another thing: if you are using Kerberos 
> authentication, the password should be 
> {KERBEROS}username@REALM (ex: {KERBEROS}user1@MYREALM.COM).
> 
> > 
> > I can add:
> > dn: dc=example,dc=com
> > objectclass: dcObject
> > objectclass: organization
> > o: Example Corp.
> > dc: example
> > 
> > dn: cn=Manager,dc=example,dc=com
> > objectclass: organizationalRole
> > cn: Manager
> > 
> > I was told the prior entry is required. Now, to add the entry 
> > below (I 
> > have about 15,000), what do to create? I am getting error:
> > adding new entry "uid=myself,ou=People,dc=example,dc=com"
> > ldap_add: Object class violation
> >         additional info: unrecognized objectClass 'mailRecipient'
> > 
> > 
> > I cannot add:
> > dn: uid=myself,ou=People,dc=example,dc=com
> > uid: myself
> > cn: Myself Me
> > givenname: Myself
> > sn: Me
> > mail: myself@mail.example.com
> > mailRoutingAddress: myself@mail.exmaple.com
> > mailHost: mail.example.com
> > objectClass: mailRecipient
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: account
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: kerberosSecurityObject
> > objectClass: shadowAccount
> > userPassword: {crypt}$1$AQusKHVT$oWEzfy9MfXhdu4eGQIUN.1
> > shadowLastChange: 11560
> > shadowMin: -1
> > shadowMax: 99999
> > shadowWarning: -1
> > shadowInactive: -1
> > shadowExpire: -1
> > shadowFlag: 140354788
> > krbname: myself@MAIL.EXAMPLE.COM
> > loginShell: /bin/bash
> > uidNumber: 500
> > gidNumber: 500
> > homeDirectory: /home/shonnedb
> > gecos: Shonne Beavers
> > 
> > ==== slapd.conf ====
> > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 
> > 20:00:31 kurt Exp $
> > #
> > # See slapd.conf(5) for details on configuration options.
> > # This file should NOT be world readable.
> > #
> > include         /etc/openldap/schema/core.schema
> > include         /etc/openldap/schema/cosine.schema
> > include         /etc/openldap/schema/inetorgperson.schema
> > include         /etc/openldap/schema/misc.schema
> > include         /etc/openldap/schema/nis.schema
> > include         /etc/openldap/schema/redhat/rfc822-MailMember.schema
> > include         /etc/openldap/schema/redhat/autofs.schema
> > include         /etc/openldap/schema/redhat/kerberosobject.schema
> > 
> > # Define global ACLs to disable default read access.
> > 
> > # Do not enable referrals until AFTER you have a working directory
> > # service AND an understanding of referrals.
> > # referral      ldap://root.openldap.org
> > 
> > pidfile         /var/run/slapd.pid
> > argsfile        /var/run/slapd.args
> > 
> > # Create a replication log in /var/lib/ldap for use by slurpd.
> > #i replogfile   /var/lib/ldap/master-slapd.replog
> > 
> > # Load dynamic backend modules:
> > # modulepath    /usr/sbin/openldap
> > # moduleload    back_ldap.la
> > # moduleload    back_ldbm.la
> > # moduleload    back_passwd.la
> > # moduleload    back_shell.la
> > 
> > #
> > # The next two lines allow use of TLS for connections using a dummy 
> > test
> > # certificate, but you should generate a proper certificate 
> > by changing 
> > to
> > # /usr/share/ssl/certs, running "make slapd.pem", and fixing 
> > permissions 
> > on
> > # slapd.pem so that the ldap user or group can read it.
> > # TLSCertificateFile /usr/share/ssl/certs/slapd.pem
> > # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
> > #
> > 
> > 
> > 
> > # Sample Access Control
> > #       Allow read access of root DSE
> > #       Allow self write access
> > #       Allow authenticated users read access
> > #       Allow anonymous users to authenticate
> > #
> > access to dn="" by * read
> > 
> > access to attr=userpasswd
> >         by self write
> >         by anonymous auth
> >         by dn="cn=Manager,dc=example,com" write
> >         by * none
> > 
> > access to *
> >         by self write
> >         by users read
> >         by anonymous auth
> > 
> > # if no access controls are present, the default is:
> > #       Allow read by all
> > #
> > # rootdn can always write!
> > 
> > ##############################################################
> > #########
> > # ldbm database definitions
> > ##############################################################
> > #########
> > 
> > database        ldbm
> > suffix          "dc=example,dc=com"
> > #suffix         "o=My Organization Name,c=US"
> > rootdn          "cn=Manager,dc=example,dc=com"
> > #rootdn         "cn=Manager,o=My Organization Name,c=US"
> > 
> > 
> > # Cleartext passwords, especially for the rootdn, should
> > # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> > # Use of strong authentication encouraged.
> > rootpw          secret1
> > # rootpw                {crypt}ijFYNcSNctBYg
> > # The database directory MUST exist prior to running slapd AND 
> > # should only be accessible by the slapd/tools. Mode 700 
> recommended.
> > directory       /var/lib/ldap
> > 
> > # Indices to maintain
> > index   objectClass,uid,uidNumber,gidNumber,memberUid         
> >   pres,eq
> > index   cn,mail,surname,givenname                               
> > pres,eq,subinitial
> > 
> > # Replicas to which we should propagate changes
> > #replica host=ldap-1.example.com:389 tls=yes
> > #       bindmethod=sasl saslmech=GSSAPI
> > #       authcId=host/ldap-master.example.com@EXAMPLE.
> > 
> > 
> > 
>