
Re: Account Login / schema question



What sort of error message do you get when you are trying to log in?

I have OpenLDAP 2.1.17 with the following attributes for an ordinary user -
works fine.

objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaAccount
objectClass: posixAccount
objectClass: top
userPassword: {CRYPT}bla-bla-bla



----- Original Message -----
From: "Tibbetts, Ric" <TIBBERI@mail.northgrum.com>
To: <openldap-software@OpenLDAP.org>
Sent: Friday, May 30, 2003 4:42 PM
Subject: Account Login / schema question


> All;
> I tried to post this yesterday, but it didn't seem to make it to the
> list for some reason (at least, I never received a copy of it). So I'm
> asking again.
>
> I'm going to be asking 1,001 questions for a while, until I get this
> better understood.
>
> I have a new server. All seems pretty good with it.
> But, when I add accounts... Depending on how I add them, they may, or
> may not allow logins.
>
> For example, if I create an account from the following ldif:
>
> dn: uid=<user>,ou=People,dc=ldap-test,dc=com
> givenName: bob
> sn: <user>
> objectClass: top
> objectClass: posixAccount
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> uid: gulkebo
> cn: gulker, bob
> mail: xxxxxxxx@mail.northgrum.com
> userPassword: {CRYPT}fHmEOE4NOjwNw
> uidNumber: xxxxxx
> gidNumber: 14
> homeDirectory: /home/xxxxxxx
> loginShell: /bin/csh
> gecos: Users Name
>
> (sensitive info crossed out)
>
> The user created from that ldif will not be able to log in.
>
> However, if I create a user from the following ldif, he CAN log in:
>
> dn: uid=<user>,ou=People,dc=ldap-test,dc=com
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> uid: <user>
> cn: <user>
> userPassword: {CRYPT}2Qj0TPuTG5y2I
> uidNumber: 122206
> gidNumber: 14
> homeDirectory: /home/<user>
> loginShell: /bin/csh
> gecos: <user>
>
>
> NOTE: The (primary) difference is the use of "account", and not using
> inetOrgPerson, and organizationalPerson objectClasses.
>
> If I mix account, and inetOrgPerson, I get an error. But if I don't
> include account, the user cannot log in.
>
> The reason I want to use inetOrgAccount, is to make use of some of the
> extended attributes that can be added to the user account.
>
> I've been digging through the FAQs, and How-Tos, but cannot find any
> good documentation on the interrelationships between these objectClasses.
>
> Can someone here shed some light on this mystery?
>
> Greatly Appreciated!
>
> Ric