Re: Adding Objectclass account gives object class violation



On Wednesday, 14 April 2010 11:22:35 Adam Tauno Williams wrote:
> On Wed, 2010-04-14 at 14:28 +0530, Shamika Joshi wrote:
> > I'm using samba-openldap on Ubuntu 9.10 Server. I have created
> > the following user:rick using smbldap-tools which uses default
> > samba.schema.eg shown below.
> > Now I also want to use "Host based authentication" using pam_filter
> > where I need to mention host entry which has to be present in that
> > user record.
> > pam_filter |(host=cms2)(host=cms3)
> > However "host" attribute appears only if I add "objectclass:account".
> > If I go ahead to add that here for user:rick it gives me objectclass
> > violation. What could be the way out of it? Any inputs would be highly
> > appreciated
> 
> You are violating the structural objectclass chain.
> 
> > cn: rick
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: shadowAccount
> > objectClass: sambaSamAccount
> 
> Your 'deepest' structural objectclass is an inetOrgPerson; a person is
> not an account.  [Yea, that part is pretty dumb - account should be
> abstract.]

No, it should be auxiliary, which it is in ldapns.schema, shipped with 
pam_ldap. The rest of this suggestion is a ridiculously complex solution to 
the problem, considering the user has problems adding an existing schema 
definition ...

Regards,
Buchan
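
The rule discussed in this thread, as an added example that is not part of the original messages: an entry's structural object classes must all lie on one inheritance chain, while auxiliary classes can be attached freely. The schema table is constructed by hand for illustration, and the auxiliary class name `hostObject` is an assumption about what ldapns.schema defines; the thread itself does not name it.

```python
# Simplified model of the schema rule behind the "object class violation".
# The kinds and superiors below are a hand-built table for illustration
# (constructed data, not parsed from a live server or schema file).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "account": ("STRUCTURAL", "top"),        # as defined in cosine.schema
    "posixAccount": ("AUXILIARY", "top"),
    "shadowAccount": ("AUXILIARY", "top"),
    "sambaSamAccount": ("AUXILIARY", "top"),
    "hostObject": ("AUXILIARY", "top"),      # assumed name from ldapns.schema
}

def superiors(name):
    """Return name plus all of its superior classes, most specific first."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain

def structural_violation(object_classes):
    """Return the structural classes that are off the single chain, else []."""
    structural = [c for c in object_classes if SCHEMA[c][0] == "STRUCTURAL"]
    if not structural:
        return []
    # The 'deepest' structural class defines the only chain allowed.
    deepest = max(structural, key=lambda c: len(superiors(c)))
    chain = superiors(deepest)
    return [c for c in structural if c not in chain]

# Object classes of the entry quoted in the thread.
RICK = ["top", "person", "organizationalPerson", "inetOrgPerson",
        "posixAccount", "shadowAccount", "sambaSamAccount"]

if __name__ == "__main__":
    for extra in ("account", "hostObject"):
        bad = structural_violation(RICK + [extra])
        print(extra, "->", "violation: %s" % bad if bad else "ok")
```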