New Account Creation / login oddities
All;
Okay, I'm going to be asking 1,001 questions for a while, until I get
this better understood.
I have a new server. All seems pretty good with it.
But, when I add accounts... Depending on how I add them, they may, or
may not allow logins.
For example, if I create an account from the following ldif:
dn: uid=<user>,ou=People,dc=ldap-test,dc=com
givenName: bob
sn: <user>
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
uid: gulkebo
cn: gulker, bob
mail: xxxxxxxx@mail.northgrum.com
userPassword: {CRYPT}fHmEOE4NOjwNw
uidNumber: xxxxxx
gidNumber: 14
homeDirectory: /home/xxxxxxx
loginShell: /bin/csh
gecos: Users Name
(sensitive info crossed out)
The user created from that ldif will not be able to log in.
However, if I create a user from the following ldif, he CAN log in:
dn: uid=<user>,ou=People,dc=ldap-test,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: <user>
cn: <user>
userPassword: {CRYPT}2Qj0TPuTG5y2I
uidNumber: 122206
gidNumber: 14
homeDirectory: /home/<user>
loginShell: /bin/csh
gecos: <user>
NOTE: The (primary) difference is the use of "account", and not using
inetOrgPerson, and organizationalPerson objectClasses.
If I mix account, and inetOrgPerson, I get an error. But if I don't
include account, the user cannot log in.
The reason I want to use inetOrgAccount, is to make use of some of the
extended attributes that can be added to the user account.
I've been digging through the FAQs and How-Tos, but cannot find any
good documentation on the interrelationships between these objectClasses.
Can someone here shed some light on this mystery?
Greatly Appreciated!
Ric