Menu
▾
▴
Re: [webmin-l] recent changes to LDAP User Admin
|
From: Craig W. <cra...@az...> - 2006-07-14 05:29:07
|
On Fri, 2006-07-14 at 12:51 +0800, Murray Trainer wrote: > > It used to work because I did set up a few users but I updated to 1.290 > > and now, I've got a problem. > > > > Saving a 'user', I get "Failed to save user : Failed to modify user in > > LDAP database : attribute "gn" not allowed > > > > which of course means that I am showing the givenName and sn fields and > > have entries in them (in fact, this entry was created with earlier > > version of webmin/ldap user admin) and I merely clicked on it to edit it > > and then clicked on save to produce the error. > > > > I've been fooling around with config and now have it set to > > 'inetOrgPerson' for 'Objectclass to add for givenName' but have tried > > person, organizationalPerson to no avail. > > > > I am using Fedora Directory Server > > > > The objectclasses of the record I am editing (for clarification > > purposes) are: > > person, organizationalPerson, inetOrgPerson, posixAccount, top, > > sambaSamAccount, ShadowAccount (in order per LDAP Attributes if that is > > significant) > > > > I have no problem using Fedora Directory console and adding the > > 'givenName' but I can never edit and save a user unless I completely > > remove all contents of the givenName field. > > > > I have the impression that there is no 'gn' alias to 'givenName' > > attribute - especially when I see things like this... > > > > http://directory.fedora.redhat.com/wiki/Howto:phpLdapAdmin#How_to_create_a_posixUser_in_Fedora_DS > > > > Craig > > Hi Craig, > > Is an there an entry in your LDAP schema like the one in Openldap's > core.schema below? Maybe you can hack that to make it all work? > > Murray > > attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) > DESC 'RFC2256: first name(s) for which the entity is known by' > SUP name ) > ---- probably but it wouldn't be indexed. I think it best to leave core schema unaltered by dummies like me. Moreover, if Jamie intends to have it universal for LDAP, it would probably be better to just use givenName and not gn I could hack it myself by not using his simplifications but rather putting the givenname and sn attributes in the custom section but that isn't the point. I think Jamie will get where I am going with this. Craig |