From: James S. <up@3.am> - 2010-05-09 03:59:32
|
On Sat, 8 May 2010, Jamie Cameron wrote: > On 08/May/2010 16:54 Craig White <cra...@az...> wrote .. >> On Sat, 2010-05-08 at 15:57 -0700, Jamie Cameron wrote: >>> The issue here may be that Webmin 1.510 sets the "description" >>> attribute on LDAP groups, but that attribute isn't supported in your >>> LDAP schema. >>> >>> Which is surprising, because it seems to be defined in the nis.schema >>> file, in the posixGroup object class .. like : >>> >>> >>> objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' >>> DESC 'Abstraction of a group of accounts' >>> SUP top STRUCTURAL >>> MUST ( cn $ gidNumber ) >>> MAY ( userPassword $ memberUid $ description ) ) >>> - Jamie >> ---- >> It was I who told the OP that adding a description would actually allow >> you to save changes to memberUid multi-values. I noticed this some time >> ago and never reported it to you but it never happens to me when I have >> a group that is also a samba group (sambaGroupMapping). >> >> I turned on slapd logging with the hope of figuring out what the problem >> was but it stopped happening to me. What I have indeed seen is that if I >> create the non-samba group in LDAP Users & Groups while leaving the >> description field blank, if I later go and edit the 'members' and then >> save it, I get the same error as the OP but once I put something in the >> description attribute, I can make changes without issue. Not much of a >> bug report but I believe that there is a bug in the save existing groups >> somewhere. > > Yeah, there is a small webmin bug in that it tries to remove the description > field when editing and saving an existing group with no description. This cause > un-necessary problems when the LDAP schema doesn't know about the description > attribute. > > I'll fix that in the 1.520 release. I wonder if this is related the the problem I'm having. LDAP Groups that I create in the Webmin 1.510 LDAP Users and Groups module simply aren't being seen by the CentOS Directory Server console or anything else that uses that LDAP server as an identity source. I have the correct base defined in the module config...not sure what else to do. I know that this LDAP implementation has no "slappasswd" program. Is it required? James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ========================================================================= |