Menu
▾
▴
Re: [webmin-l] recent changes to LDAP User Admin
|
From: Jamie C. <jca...@we...> - 2006-07-14 06:22:57
|
On 13/Jul/2006 22:28 Craig White wrote .. > On Fri, 2006-07-14 at 12:51 +0800, Murray Trainer wrote: > > > It used to work because I did set up a few users but I updated to 1.290 > > > and now, I've got a problem. > > > > > > Saving a 'user', I get "Failed to save user : Failed to modify user > in > > > LDAP database : attribute "gn" not allowed > > > > > > which of course means that I am showing the givenName and sn fields > and > > > have entries in them (in fact, this entry was created with earlier > > > version of webmin/ldap user admin) and I merely clicked on it to edit > it > > > and then clicked on save to produce the error. > > > > > > I've been fooling around with config and now have it set to > > > 'inetOrgPerson' for 'Objectclass to add for givenName' but have tried > > > person, organizationalPerson to no avail. > > > > > > I am using Fedora Directory Server > > > > > > The objectclasses of the record I am editing (for clarification > > > purposes) are: > > > person, organizationalPerson, inetOrgPerson, posixAccount, top, > > > sambaSamAccount, ShadowAccount (in order per LDAP Attributes if that > is > > > significant) > > > > > > I have no problem using Fedora Directory console and adding the > > > 'givenName' but I can never edit and save a user unless I completely > > > remove all contents of the givenName field. > > > > > > I have the impression that there is no 'gn' alias to 'givenName' > > > attribute - especially when I see things like this... > > > > > > http://directory.fedora.redhat.com/wiki/Howto:phpLdapAdmin#How_to_create_a_posixUser_in_Fedora_DS > > > > > > Craig > > > > Hi Craig, > > > > Is an there an entry in your LDAP schema like the one in Openldap's > > core.schema below? Maybe you can hack that to make it all work? > > > > Murray > > > > attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) > > DESC 'RFC2256: first name(s) for which the entity is known by' > > SUP name ) > > > ---- > probably but it wouldn't be indexed. I think it best to leave core > schema unaltered by dummies like me. Moreover, if Jamie intends to have > it universal for LDAP, it would probably be better to just use givenName > and not gn > > I could hack it myself by not using his simplifications but rather > putting the givenname and sn attributes in the custom section but that > isn't the point. > > I think Jamie will get where I am going with this. Hi Craig, I think the cause of this problem is an in-consistency between LDAP schemas on various systems as to the attribute used for the given name. I added code that is supposed to handle either case, but from looking at it just now I found a bug :( To fix it, you can edit the file file ldap-useradmin/save_user.cgi under the Webmin root directory, and change lines 745 and 746 so that they use "givenName" instead of "gn". - Jamie |
