[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nssldap
Subject:    Re: [nssldap] kerberos/ldap login OK but apps can't find user info
From:       "James F. Hranicky" <jfh () cise ! ufl ! edu>
Date:       2005-06-22 21:01:25
Message-ID: 20050622170125.0f37c1ed.jfh () cise ! ufl ! edu
[Download RAW message or body]

On Wed, 22 Jun 2005 13:31:39 -0700 (PDT)
Dirk Kleinhesselink <dkleinh@phy.ucsf.edu> wrote:

> I found that I HAD to add the line:  objectClass: posixGroup
> after the line: objectClass: shadowAccount
> because adding the migrate ldif data into OpenLDAP 2.2 would
> fail.  According to some documentation I found on the net, OpenLDAP 2.2
> requires one STRUCTURE objectClass: for entries and all the definitions
> created by the migration scripts were AUXILLARY classes in the nis.schema
> file.  One of the great difficulties I've found in implementing LDAP is
> that things are quite complex and there are subtleties within the
> different versions of OpenLDAP that people (who have written up
> HOWTOs) have used.  

I guess I got around that by having all my users also be of objectclass
inetOrgPerson .

Yes, complex and subtle is what I've found as well :->

Jim
[prev in list] [next in list] [prev in thread] [next in thread]