user login through ldap: uidnumber not allowed

137 views
Skip to first unread message

rol...@gmail.com

unread,
Jan 22, 2007, 3:14:33 AM1/22/07
to comp.net.ldap
Hello group,

I am trying to use ldap for a number of services on a freshly installed
tinysofa 2.0 update 6 machine. This is new thing for me and i am trying
to learn
from it by doing things step-by-step. I learned that to let users log
in
(through ssh) on the machine their ldap object needs at least the
attribute
uidNumber (and more but i am allready stuck here). I first tried to add
it to my
test-account. It failed. I read some more about it and found out i need
to use
the nis.schema schema included in the server configuration to be able
to add it.
So i uncommented the line saying: include
/etc/openldap/schema/nis.schema and
restarted the daemon using "service ldap restart". It still doesn't
work. When
in LDAP Browser\Editor i try to add the objectClass "posixAccount" it
says it
requires attribute 'uidNumber'. But when i try to add attribute
'uidNumber' it
says : attribute 'uidNumber' not allowed. Am i missing something here?

The nis.schema file says it depends on core.schema and cosine.schema.
Cosine.schema is included when starting the server but when i try to
add
core.schema the ldap-daemon won't start claiming:

Starting OpenLDAP: /etc/openldap/schema/core.schema: line 37: Duplicate
attributeType: "2.5.4.2"

Can anybody tell me, based on the provided information, what i am doing
wrong
here? Does anybody here have a simular setup and is he/she willing to
share the
slapd.conf file? I've followed some tutorials but they seem to describe
exactly
what i am doing, but in their case it works :-) .

Thanks in advance,
Rolf Deenen

rolfijn

unread,
Jan 23, 2007, 4:47:43 AM1/23/07
to comp.net.ldap
Hello list,

Already found my problem:

Just tinkering along with it, it seems I have found the problem. I had
already
created an object with the inetorgperson objectclass. I wanted to add
to this
object the posixaccount objectclass. Now I have found out this is not
possible.
I was in the assumption one could just add objectclasses as one saw
fit. It
seems however that the inetorgperson and the posixaccount objectclass
can not
both be used on the same object.

Rolf Deenen

Reply all
Reply to author
Forward
0 new messages