Re: [Cpu-users] openldap 2.1

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Ah yes, how we all love sourceforge :-) I made the changes to the default
cpu.conf and used account, since RFC2307 recommends using Account as the
structural class. We could have also used inetOrgPerson, but people can change
it if they don't like it. OpenLDAP defines userid to be a synonym for uid (see
schema/core.schema, oid 0.9.2342.19200300.100.1.1), so the fact that uid is
already required by posixAccount allows the 'account' class to be used.

On another note, if anyone has tested version 1.4.0 and has found bugs, please
report them on the bugtracker.

-Blake

Whatchu talkin' 'bout, Willis?
> Hi all, this is my first post here, and I wasn't able to search the 
> archives at sf (got no answer from the server).
> 
> OpenLDAP 2.1 enforces ldap-entries to use at least one 'structural' 
> ObjectClass, whilst the default ObjectClass 'posixAccount' is just 
> 'auxiliary', so a 'cpu useradd test' fails with:
> 
> >ldap: ldapUserAdd: ldap_add_s: Object class violation (65)
> >        additional info: no structural object class provided
> >ldap: CPU_init: Error in ldapOperation.
> >Something went wrong. Exiting..
> 
> This can be avoided by just adding
> 'account' to "USER_OBJECT_CLASS" in cpu.conf, which should be the 
> default in future versions, I think. But 'account' requires the 
> attribute 'userid' to be set, which is not.
> I'm wondering why it actually works at all, because openldap should 
> check whether it's set or not ... nevertheless, it works.
> 
> Great tool, thanks!
> 
> -- 
> Lukas
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Cpu-users mailing list
> Cpu...@li...
> https://lists.sourceforge.net/lists/listinfo/cpu-users

-- 
Blake Matheny           "... one of the main causes of the fall of the
bma...@pu...      Roman Empire was that, lacking zero, they had
http://www.mkfifo.net    no way to indicate successful termination of
http://ovmj.org/GNUnet/  their C programs." --Robert Firth