
Re: DIT structure advice



On Thursday, 18 August 2011 11:26:33 Olivier wrote:
> Dmitriy Kirhlarov <dimma@higis.ru>:
> > What is the reason for splitting user account data into two objects?
> 
> Good question, thanks Dimitry !
> 
> Here is the problem I had when I tried to merge all info in the same object:
> 
> $ ldapadd -x -D "cn=Manager,dc=example,dc=fr" -w secret -H ldap://ldap-master1example.fr -f person.ldif
> 
> adding new entry "uid=olivier,ou=staff,ou=people,dc=example,dc=fr"
> ldap_add: Object class violation (65)
>        additional info: invalid structural object class chain (inetOrgPerson/account)
> 
> $ cat person.ldif
> 
> dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr
> uid: olivier
> uidnumber: 1222
> sn: olivier
> cn: Olivier Doe
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectclass: account
> objectclass: posixAccount
> objectclass: shadowAccount
> gidnumber: 18004
> homedirectory: /home/olivier
> loginshell: /bin/tcsh
> userpassword: {SSHA}ttiFPj/uYlfSACRO2Gr/R0y9nzRHiMBW
> 
> 
> If I don't use the "objectclass: account" it works.

Use hostObject from ldapns.schema, shipped with pam_ldap.

http://svnweb.mageia.org/packages/cauldron/openldap-extra-schemas/current/SOURCES/ldapns.schema?view=markup

or

http://svnweb.mageia.org/packages/cauldron/openldap-extra-schemas/current/SOURCES/ldapns.ldif?view=markup

Regards,
Buchan
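
The following is an added example, not part of the original message: a small pre-flight check that reproduces the server's structural-chain test on the entry from the thread and shows why swapping `account` for the auxiliary `hostObject` passes. The `SCHEMA` table is a hand-copied subset assumed to match the stock schema files, and the `host` value and function names are constructed for illustration.

```python
# Hand-copied subset of the schema: name -> (kind, superior). Assumption: these
# match the stock core/cosine/inetorgperson/nis/ldapns definitions.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),
    "posixaccount": ("AUXILIARY", "top"),
    "shadowaccount": ("AUXILIARY", "top"),
    "hostobject": ("AUXILIARY", "top"),
}

def object_classes(ldif_entry):
    """Lowercased objectClass values of one LDIF entry."""
    pairs = (line.partition(":") for line in ldif_entry.splitlines())
    return [v.strip().lower() for a, sep, v in pairs
            if sep and a.strip().lower() == "objectclass"]

def superiors(name):
    """The class itself plus every class it inherits from."""
    chain = set()
    while name is not None:
        chain.add(name)
        name = SCHEMA[name][1]
    return chain

def structural_conflict(ldif_entry):
    """Return (leaf, offender) if structural classes form no single chain."""
    structural = [c for c in object_classes(ldif_entry)
                  if SCHEMA[c][0] == "STRUCTURAL"]
    if not structural:
        return None
    leaf = max(structural, key=lambda c: len(superiors(c)))  # most derived
    for cls in structural:
        if cls not in superiors(leaf):
            return (leaf, cls)
    return None

# Constructed samples based on the thread's person.ldif; host is a placeholder.
COMMON = """dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectclass: posixAccount
objectclass: shadowAccount
"""
WITH_ACCOUNT = COMMON + "objectclass: account\n"
WITH_HOSTOBJECT = COMMON + "objectclass: hostObject\nhost: host1.example.fr\n"
```

`structural_conflict(WITH_ACCOUNT)` reports the same pair the server named in its error, while the `hostObject` variant returns `None` because auxiliary classes do not take part in the structural chain.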