[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: setting up LDAP question
Mike Denka a écrit :
>
> One thing you'll have to deal with if you ever plan to upgrade to 2.1.x
> or (I assume) beyond is a strict enforcement of the single structural
> objectclass entry rule. In 2.1.x you must have one and ONLY one
> structural object class represented in each entry. So your entries in
> cn=unixgroup,ou=users, for example, would not be permitted because both
> the posixGroup and the groupOfUniqueNames are structural objectclasses.
> But in uid=userx,ou=users, you have no structural objectclasses. So
> this class of entry would also be rejected.
Indeed, I read lots of things about this "only one structural
objectclass" !
I encouter enormous problem with that.
Is there somewhere a faq-O-Matic, issue tracking , changelog, man ...
any doc which would explain how and why all this !?
My entries are looking like this in terms of objectclass: I get problems
with posixAccount kerberosSecurityObject ... objectClass that are from
openldap schemas !
objectClass: top
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: IntE-user # My personnal objectclass
objectClass: labeledURIObject
objectClass: strongAuthenticationUser
objectClass: certificationAuthority
objectClass: shadowAccount
objectClass: kerberosSecurityObject
and its getting very complicated and annoying to resolve my problems !
will the schema included in latest openldap version be rewritten to take
care of those new constraints ?
> Mike
>
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of richard
> lucassen
> Sent: Tuesday, November 05, 2002 2:09 PM
> To: openldap-software@OpenLDAP.org
> Subject: setting up LDAP question
>
> I want to:
>
> - use LDAP for internal use
> - use LDAP for an addressbook
> - use LDAP for user auth
> - use LDAP for different other future databases
> - use my own objectclasses. I have an IANA number (1.3.6.1.4.1.10624).
>
> It works, but I'd like to know if I'm on the right way when I organize
> things like this:
>
> dc=lucassen,dc=org
> |\__ou=users
> | |\__cn=unixgroup (top,posixGroup,groupOfUniqueNames)
> | |\__uid=user1 (top,posixAccount,shadowAccount)
> | |\__uid=user2
> | \__uid=user3
> |
> |\__ou=addressbook
> | |\__cn=address1 (naw [local.schema])
> | |\__cn=address2
> | |\__cn=address3
> | \__cn=address4
> |
> |\__ou=other-database
> | |\__cn=entry1 (another-objectclass [local.schema])
>
> I have a local.schema, a slapd.conf (a RedHat version) and an ldif dump:
>
> http://tech1.cam.nl/docs/ldap/local.schema
> http://tech1.cam.nl/docs/ldap/test2.ldif
> http://tech1.cam.nl/docs/ldap/slapd.conf
>
> It is an rpm install of openldap-2.0.23-4 on RedHat-7.3.
>
> Comments are really appreciated. I'm an LDAP newbie. Please do not talk
> 5-year-LDAP-experience-language to me ;-) I just want to set up an LDAP
> server that is properly configured.
>
> Richard.
>
> --
> ___________________________________________________________________
> Recursion: see recursion
>
> +------------------------------------------------------------------+
> | Richard Lucassen, Utrecht, Linux 2.4.19 RedHat 7.2 |
> | The Netherlands i686/1200MHz/768MB |
> | Public key: http://www.xs4all.nl/~pe1bbf/pubkey.asc |
> +------------------------------------------------------------------+
--
Jehan Procaccia
Institut National des Telecommunications| Email:
Jehan.Procaccia@int-evry.fr
MCI, Moyens Communs Informatiques | Tel : +33 (0) 160764436
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321