Re: DIT structure advice

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Thursday, 18 August 2011 11:26:33 Olivier wrote:
> Dmitriy Kirhlarov <dimma@higis.ru>:
> > What a reason for split user account data to two objects?
> 
> Good question, thanks Dimitry !
> 
> Here is the problem I had when I tried to merge all info in the same object
> :
> 
> $ ldapadd -x -D "cn=Manager,dc=example,dc=fr" -w secret -H
> ldap://ldap-master1example.fr -f person.ldif
> 
> adding new entry "uid=olivier,ou=staff,ou=people,dc=example,dc=fr"
> ldap_add: Object class violation (65)
>        additional info: invalid structural object class chain
> (inetOrgPerson/account)
> 
> $ cat person.ldif
> 
> dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr
> uid: olivier
> uidnumber: 1222
> sn: olivier
> cn: Olivier Doe
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectclass: account
> objectclass: posixAccount
> objectclass: shadowAccount
> gidnumber: 18004
> homedirectory: /home/olivier
> loginshell: /bin/tcsh
> userpassword: {SSHA}ttiFPj/uYlfSACRO2Gr/R0y9nzRHiMBW
> 
> 
> If I don't use the "objectclass: account" it works.

Use hostObject from ldapns.schema, shipped with pam_ldap.

http://svnweb.mageia.org/packages/cauldron/openldap-extra-
schemas/current/SOURCES/ldapns.schema?view=markup

or

http://svnweb.mageia.org/packages/cauldron/openldap-extra-
schemas/current/SOURCES/ldapns.ldif?view=markup

Regards,
Buchan