We currently run an LDAP server to authenticate our systems. It uses
openldap 2.0.27-23 on redhat 3 or earlier. We recently tried to
upgrade the servers to Redhat 4 which uses openldap 2.2.13-7. We were
unable to get it to function with the exact setup, configs and database
we used in the earlier versions. As I understand it, strict checking
was enforced in the later version of openldap and was not in the
previous versions. The entries in the ldap directory have the following
object classes: top, person, organizationalperson, inetorgperson,
posixaccount, shadowaccount, account. Person and Account
are both structural classes. I could be off base, but I thought that
only one structural class is allowed and since this wasn't enforced in
earlier versions it worked. Now since it is enforced it may be at least
one of the issues. The main reason the account object class is used is
for the host attribute which we use with the ldap.conf
"pam_check_host_attr" directive to limit who can log into certain
machines. If my assumptions above are correct, are there any
suggestions on how to upgrade to the newer version of openldap and get
around the above issues?
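
Added example, not part of the original message: a small Python check that scans an LDIF export for entries whose structural object classes do not form a single inheritance chain, which is the condition the question describes. The function names and the sample LDIF are constructed for illustration; the class table assumes the stock core, cosine and inetorgperson schema definitions, with posixAccount and shadowAccount treated as auxiliary.

```python
# Added example; the LDIF below is constructed. Structural class -> superior.
STRUCTURAL_SUP = {"person": "top", "organizationalperson": "person",
                  "inetorgperson": "organizationalperson", "account": "top"}

def parse_ldif(text):
    """Yield (dn, objectClass list) per entry; no folding/base64 support."""
    for block in text.strip().split("\n\n"):
        dn, classes = None, []
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if key.strip().lower() == "dn":
                dn = value.strip()
            elif key.strip().lower() == "objectclass":
                classes.append(value.strip().lower())
        if dn:
            yield dn, classes

def superiors(cls):
    """Structural superiors of cls, excluding cls itself and top."""
    out, cls = [], STRUCTURAL_SUP.get(cls)
    while cls in STRUCTURAL_SUP:
        out.append(cls)
        cls = STRUCTURAL_SUP[cls]
    return out

def conflicting_leaves(classes):
    """Most-derived structural classes; more than one is a broken chain."""
    structural = {c for c in classes if c in STRUCTURAL_SUP}
    leaves = structural - {s for c in structural for s in superiors(c)}
    return sorted(leaves) if len(leaves) > 1 else []

def audit(text):
    found = ((dn, conflicting_leaves(cls)) for dn, cls in parse_ldif(text))
    return {dn: leaves for dn, leaves in found if leaves}

SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
"""
print(audit(SAMPLE_LDIF))
```

Running it over a dump of the existing directory (for example one produced with slapcat) lists the entries that combine the person chain with account, so they can be counted before the data is loaded into the newer server.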