Menu
▾
▴
Re: [webmin-l] recent changes to LDAP User Admin
|
From: Craig W. <cra...@az...> - 2006-07-14 12:49:48
|
On Thu, 2006-07-13 at 23:22 -0700, Jamie Cameron wrote: > On 13/Jul/2006 22:28 Craig White wrote .. > > On Fri, 2006-07-14 at 12:51 +0800, Murray Trainer wrote: > > > > It used to work because I did set up a few users but I updated to 1.290 > > > > and now, I've got a problem. > > > > > > > > Saving a 'user', I get "Failed to save user : Failed to modify user > > in > > > > LDAP database : attribute "gn" not allowed > > > > > > > > which of course means that I am showing the givenName and sn fields > > and > > > > have entries in them (in fact, this entry was created with earlier > > > > version of webmin/ldap user admin) and I merely clicked on it to edit > > it > > > > and then clicked on save to produce the error. > > > > > > > > I've been fooling around with config and now have it set to > > > > 'inetOrgPerson' for 'Objectclass to add for givenName' but have tried > > > > person, organizationalPerson to no avail. > > > > > > > > I am using Fedora Directory Server > > > > > > > > The objectclasses of the record I am editing (for clarification > > > > purposes) are: > > > > person, organizationalPerson, inetOrgPerson, posixAccount, top, > > > > sambaSamAccount, ShadowAccount (in order per LDAP Attributes if that > > is > > > > significant) > > > > > > > > I have no problem using Fedora Directory console and adding the > > > > 'givenName' but I can never edit and save a user unless I completely > > > > remove all contents of the givenName field. > > > > > > > > I have the impression that there is no 'gn' alias to 'givenName' > > > > attribute - especially when I see things like this... > > > > > > > > http://directory.fedora.redhat.com/wiki/Howto:phpLdapAdmin#How_to_create_a_posixUser_in_Fedora_DS > > > > > > > > Craig > > > > > > Hi Craig, > > > > > > Is an there an entry in your LDAP schema like the one in Openldap's > > > core.schema below? Maybe you can hack that to make it all work? > > > > > > Murray > > > > > > attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) > > > DESC 'RFC2256: first name(s) for which the entity is known by' > > > SUP name ) > > > > > ---- > > probably but it wouldn't be indexed. I think it best to leave core > > schema unaltered by dummies like me. Moreover, if Jamie intends to have > > it universal for LDAP, it would probably be better to just use givenName > > and not gn > > > > I could hack it myself by not using his simplifications but rather > > putting the givenname and sn attributes in the custom section but that > > isn't the point. > > > > I think Jamie will get where I am going with this. > > Hi Craig, > I think the cause of this problem is an in-consistency between LDAP schemas > on various systems as to the attribute used for the given name. I added code > that is supposed to handle either case, but from looking at it just now I found > a bug :( > > To fix it, you can edit the file file ldap-useradmin/save_user.cgi under the > Webmin root directory, and change lines 745 and 746 so that they use > "givenName" instead of "gn". ---- line 746 was already givenName but I changed line 745 and it made happy thanks Jamie Craig |
