
New Account Creation / login oddities



All;
Okay, I'm going to be asking 1,001 questions for a while, until I get this better understood.


I have a new server. All seems pretty good with it.
But, when I add accounts... Depending on how I add them, they may, or may not allow logins.


For example, if I create an account from the following ldif:

dn: uid=<user>,ou=People,dc=ldap-test,dc=com
givenName: bob
sn: <user>
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
uid: gulkebo
cn: gulker, bob
mail: xxxxxxxx@mail.northgrum.com
userPassword: {CRYPT}fHmEOE4NOjwNw
uidNumber: xxxxxx
gidNumber: 14
homeDirectory: /home/xxxxxxx
loginShell: /bin/csh
gecos: Users Name

(sensitive info crossed out)

The user created from that ldif will not be able to log in.

However, if I create a user from the following ldif, he CAN log in:

dn: uid=<user>,ou=People,dc=ldap-test,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: <user>
cn: <user>
userPassword: {CRYPT}2Qj0TPuTG5y2I
uidNumber: 122206
gidNumber: 14
homeDirectory: /home/<user>
loginShell: /bin/csh
gecos: <user>


NOTE: The (primary) difference is the use of "account", and not using inetOrgPerson, and organizationalPerson objectClasses.


If I mix account, and inetOrgPerson, I get an error. But if I don't include account, the user cannot log in.

The reason I want to use inetOrgAccount, is to make use of some of the extended attributes that can be added to the user account.

I've been digging through the FAQs and How-Tos, but cannot find any good documentation on the interrelationships between these objectClasses.

Can someone here shed some light on this mystery?

Greatly Appreciated!

Ric
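
Added example, not part of the original post: a minimal check of the rule that an entry's structural object classes must form a single superior chain, applied to the three objectClass combinations described in the message. The SCHEMA table is copied by hand from the standard schema definitions (RFC 4519, RFC 4524, RFC 2798, RFC 2307); the function names and sample entries are constructed for illustration.

```python
# Object class kinds and superiors from the standard schemas
# (RFC 4519 core, RFC 4524 cosine, RFC 2798 inetOrgPerson, RFC 2307 NIS).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),
    "posixaccount": ("AUXILIARY", "top"),
}

def object_classes(ldif_text):
    """Return the objectClass values of a single-entry LDIF, lowercased."""
    out = []
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "objectclass":
            out.append(value.strip().lower())
    return out

def superiors(name):
    """Return the class itself followed by all of its superior classes."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain

def structural_class(classes):
    """Return the most specific structural class, or raise ValueError when
    the structural classes do not lie on one superior chain."""
    structural = [c for c in classes if SCHEMA[c][0] == "STRUCTURAL"]
    if not structural:
        raise ValueError("no structural object class")
    leaf = max(structural, key=lambda c: len(superiors(c)))
    stray = [c for c in structural if c not in superiors(leaf)]
    if stray:
        raise ValueError(f"{leaf} and {stray[0]} are unrelated structural classes")
    return leaf

# Constructed sample entries (placeholder DN, other attributes omitted).
BASE = "dn: uid=example,ou=People,dc=example,dc=com\nobjectClass: top\nobjectClass: posixAccount\n"
PERSON = BASE + "objectClass: inetOrgPerson\nobjectClass: organizationalPerson\n"
ACCOUNT = BASE + "objectClass: account\n"
MIXED = PERSON + "objectClass: account\n"

if __name__ == "__main__":
    for label, ldif in (("person", PERSON), ("account", ACCOUNT)):
        print(label, "->", structural_class(object_classes(ldif)))
```

posixAccount is auxiliary, so it can accompany either structural class; the check says nothing about why a schema-valid entry is refused at login.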