
host schema conflict



Dear all - 

I'm using LDAP and Kerberos for authentication.  I would like to use
the host attribute to control access to machines via pam_ldap's
host-checking.  So in my ldap.conf file I will use:
pam_check_host_attr   yes

I'm running into a problem with the host attribute that this will
require.  Two of the schema's objectClasses conflict so I cannot
create the host attribute.  Trying to enter this ldif file:

dn:uid=user,ou=people,dc=example,dc=com
cn: User McUser
givenname: User
sn: McUser
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 132
gidNumber: 930
homeDirectory: /home/user
host: myhost.example.com

results in the error: 

adding new entry "uid=users,dc=example,dc=com"
ldap_add: Object class violation (65)
        additional info: invalid structural object class chain (inetOrgPerson/account)

I've googled some and didn't really like the results I found.  One
suggested that I change the account to not require userid but I would
rather keep my schema standard.  Does anyone have some good
suggestions as to how to work around this?

Thanks

Seth
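
The rejection quoted in the post can be reproduced offline. The following is an added example, not part of the original message: it applies the single-structural-chain rule to the objectClass values from the LDIF above. The class kinds and superiors in SCHEMA are transcribed from the standard schema definitions (RFC 4519, RFC 2798, RFC 4524, RFC 2307) and cover only the classes named in the post; the function names are hypothetical.

```python
# Added illustration: an entry's STRUCTURAL classes must all lie on one
# superclass chain. Two unrelated structural "leaves" trigger error 65.
SCHEMA = {  # name: (kind, superior); limited to the classes in the post
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "account": ("STRUCTURAL", "top"),
    "posixAccount": ("AUXILIARY", "top"),
    "shadowAccount": ("AUXILIARY", "top"),
}

# objectClass lines copied from the LDIF in the post
LDIF = """\
dn: uid=user,ou=people,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
"""

def object_classes(ldif):
    """Return the objectClass values of a single-entry LDIF, in order."""
    values = []
    for line in ldif.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "objectclass":
            values.append(value.strip())
    return values

def ancestors(cls):
    """Walk the SUP links from cls up to top."""
    chain, sup = [], SCHEMA[cls][1]
    while sup is not None:
        chain.append(sup)
        sup = SCHEMA[sup][1]
    return chain

def check_structural_chain(ldif):
    structural = [c for c in object_classes(ldif) if SCHEMA[c][0] == "STRUCTURAL"]
    inherited = {a for c in structural for a in ancestors(c)}
    # Leaves are structural classes that no other listed class derives from.
    leaves = [c for c in structural if c not in inherited]
    if len(leaves) > 1:
        return "invalid structural object class chain (%s)" % "/".join(leaves)
    return "ok"

if __name__ == "__main__":
    print(check_structural_chain(LDIF))
```

person and organizationalPerson are absorbed into the inetOrgPerson chain, while account derives directly from top, so two structural leaves remain and the check reports the same pair as the server.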