
Re: DIT structure advice

Dmitriy Kirhlarov <dimma@higis.ru>:
> What is the reason for splitting user account data into two objects?

Good question, thanks Dmitriy!

Here is the problem I had when I tried to merge all the info into the same object:

$ ldapadd -x -D "cn=Manager,dc=example,dc=fr" -w secret -H ldap://ldap-master1example.fr -f person.ldif

adding new entry "uid=olivier,ou=staff,ou=people,dc=example,dc=fr"
ldap_add: Object class violation (65)
       additional info: invalid structural object class chain

$ cat person.ldif

dn: uid=olivier,ou=staff,ou=people,dc=example,dc=fr
uid: olivier
uidnumber: 1222
sn: olivier
cn: Olivier Doe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
gidnumber: 18004
homedirectory: /home/olivier
loginshell: /bin/tcsh
userpassword: {SSHA}ttiFPj/uYlfSACRO2Gr/R0y9nzRHiMBW

If I don't use the "objectclass: account" it works.

But if I do that, I no longer get the attribute "host",
which could have been useful to tune access to certain