MrPaulAR (n00b)
Joined: 25 Jan 2003 Posts: 69
Posted: Wed Feb 25, 2004 9:18 pm Post subject: Problems Migrating to LDAP Authentication
I'm following the guide at http://www.gentoo.org/doc/en/ldap-howto.xml and it looks great; however, I've run into a problem.
I get the following error when trying to import my user accounts.
phenx tmp # ldapadd -D "cn=Manager,dc=anc,dc=net" -W -f /tmp/passwd.ldif
Enter LDAP Password:
adding new entry "uid=pwthoma,ou=People,dc=anc,dc=net"
ldapadd: update failed: uid=pwthoma,ou=People,dc=anc,dc=net
ldap_add: Object class violation (65)
additional info: invalid structural object class chain (inetOrgPerson/account)
I created that ldif file with the following command:
./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif
Thinking there was a system account that was causing the problem, I went through and removed all accounts from that passwd.ldif file except mine, but that didn't fix the problem. Here is the entire contents of the ldif file:
dn: uid=pwthoma,ou=People,dc=anc,dc=net
uid: pwthoma
cn: Mr Paul
givenName: Mr
sn: Paul
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: <DELETED>
shadowLastChange: 12082
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/pwthoma
gecos: Paul Thomas
If anyone has any suggestions I'd appreciate it very much.
Thanks
Paul
MrPaulAR (n00b)
Joined: 25 Jan 2003 Posts: 69
Posted: Wed Feb 25, 2004 9:25 pm Post subject:
Here is my /etc/openldap/slapd.conf file.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
# Include the needed data schemes
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
# Use crypt to hash the passwords
password-hash {crypt}
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
########################
# ldbm database definitions
########################
database bdb
suffix "dc=anc,dc=net"
rootdn "cn=Manager,dc=anc,dc=net"
rootpw <DELETED>
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
I've also copied the schemas from *.schema.default just in case they were modified somehow. I suspect the problem is regarding one of those.
Chris W (l33t)
Joined: 25 Jun 2002 Posts: 972 Location: Brisbane, Australia
Posted: Wed Feb 25, 2004 9:51 pm Post subject:
The account object class (cosine.schema) MUST have a userid attribute - not present in your example. I can't see any reason you should need the account objectclass though, so perhaps just delete that line.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein
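An added example, not code from the thread or from the Gentoo howto: a small Python checker that applies the schema rule behind the "invalid structural object class chain (inetOrgPerson/account)" error to the posted entry (inetOrgPerson and account are both STRUCTURAL classes with separate superior chains, so an entry may carry only one of them) and produces the corrected entry with the account line dropped, as the reply above suggests. The SCHEMA table and the sample entry are assumed/constructed from the classes shown on this page and cover only those classes.

```python
# Added example (not from the thread): check an LDIF entry for the "invalid
# structural object class chain (65)" error and drop 'account' as suggested
# above. SCHEMA (kind, SUP) is assumed from core/cosine/nis/inetorgperson.schema.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "account": ("STRUCTURAL", "top"),
    "posixAccount": ("AUXILIARY", "top"),
    "shadowAccount": ("AUXILIARY", "top"),
}
# Constructed sample: the object classes of the entry from the first post.
SAMPLE_LDIF = """dn: uid=pwthoma,ou=People,dc=anc,dc=net
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no continuation or base64 lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in filter(str.strip, block.splitlines()):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def is_ancestor(parent, child):
    """True if 'parent' appears in the SUP chain of 'child'."""
    cur = SCHEMA.get(child, (None, None))[1]
    while cur and cur != parent:
        cur = SCHEMA.get(cur, (None, None))[1]
    return cur == parent

def structural_leaves(ocs):
    """Most-derived STRUCTURAL classes; more than one means an invalid chain."""
    s = [oc for oc in ocs if SCHEMA.get(oc, ("",))[0] == "STRUCTURAL"]
    return [oc for oc in s if not any(is_ancestor(oc, o) for o in s if o != oc)]

def fix_entry(entry):
    """Copy of the entry without 'account', leaving inetOrgPerson as the only chain."""
    return {**entry, "objectClass": [oc for oc in entry.get("objectClass", []) if oc != "account"]}
```

Running structural_leaves over each entry of the migrate_passwd.pl output before calling ldapadd flags every entry that would fail with error 65; the auxiliary posixAccount and shadowAccount classes are untouched by the fix.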