From: Craig W. <cra...@az...> - 2011-06-20 11:55:37
|
On Sun, 2011-06-19 at 22:58 -0700, Jamie Cameron wrote: > On 19/Jun/2011 18:09 Craig White <cra...@az...> wrote .. > > On Sun, 2011-06-19 at 12:15 -0700, Jamie Cameron wrote: > > > On 18/Jun/2011 17:36 Craig White <cra...@az...> wrote .. > > > > On Wed, 2011-06-15 at 10:55 -0700, Jamie Cameron wrote: > > > > > On 14/Jun/2011 20:34 Craig White <cra...@az...> wrote .. > > > > > > LDAP Users & Groups - Ubuntu 10.04 - Webmin 1.550 > > > > > > > > > > > > when I try to edit a user (created with ldap_useradmin), I get the > > > > > > following message when I try to save... > > > > > > > > > > > > Failed to save user: Failed to modify user in LDAP Database: object > > > > > > class 'SambaSamAccount' requires attribute 'SambaSID' > > > > > > > > > > > > Which makes sense because it certainly does but there is a value in > > > > > > SambaSID for this user and Webmin LDAP Users and Groups put it there > > > > > > when I created the User. > > > > > > > > > > > > The error message can be viewed here: > > > > > > http://srv1.lightsonthenet.com/Craig/ScreenShot1.png > > > > > > > > > > > > and to demonstrate, I put the LDAP attributes as displayed by Webmin > > > > > > LDAP Users and Groups module which can be viewed here: > > > > > > http://srv1.lightsonthenet.com/Craig/ScreenShot2.png > > > > > > > > > > > > Curiously enough, I am able to 'edit' individual attributes in Servers > > > > > > => LDAP Server => Browse => show that same record and edit any > > > > > > particular attribute but I can't seem to save an edited record from LDAP > > > > > > Users & Groups module. I can however create and delete LDAP users from > > > > > > that module. > > > > > > > > > > > > Any ideas? > > > > > > > > > > Hi Craig, > > > > > > > > > > Is the object class for your Samba users "SambaSamAccount" with a capital > > > > > S at the start? Because Webmin expects it to be "sambaSamAccount" , and > > > > > won't automatically add the sambaSID attribute otherwise.. > > > > ---- > > > > sorry to be so slow to respond but I am not subscribed to webmin list at > > > > work and it's been a long week. > > > > > > > > Definitely a lower case "s" - that is why I posted 'ScreenShot1.png' > > > > so it would be clear what the attributes & objectclasses were in the > > > > object I was actually saving. I am going through the same setup at home > > > > (ubuntu lucid) > > > > > > > > The 'User' was created by Webmin LDAP Users & Groups. But if I merely go > > > > into the edit mode after creating the user and just click 'Save' without > > > > changing anything, it will fail with the same error. > > > > > > > > The same issue happens to me using CentOS 5 and Webmin-1.550 after upgrading > > from > > > > 1.490 to 1.550 - I checked and it worked before upgrading, failed after upgrading. > > > > > > > > The same issue happens to me at home but I did import most everything > > > > from my old 2.2.x version of openldap at home and also copied my webmin > > > > module config from the old server to the new server. I deleted the > > > > config file from /etc/webmin/ldap-useradmin at work and filled it out > > > > all over again but still the same thing happens. > > > > > > > > It may be something I am putting into the config but the box for 'LDAP > > > > properties for modified users' is empty. > > > > > > > > I do have quite a number of attributes in the box 'Extra LDAP properties > > > > to allow editing...' - specifically... > > > > > > > > mail Email Adress > > > > mailLocalAddress mail alias > > > > description Description > > > > physicalDeliveryOfficeName City > > > > postalAddress Mail Address > > > > postalCode Zip Code > > > > postOfficeBox PO Box > > > > streetAddress Street Address > > > > telephoneNumber Telephone Number > > > > facsimileTelephoneNumber Fax Number > > > > sambaHomeDrive Windows Drive Letter for Home Share > > > > sambaHomePath Windows Path for Home Share > > > > sambaProfilePath Windows Path for Profile Share > > > > sambaLogonScript Windows Netlogon Command > > > > sambaDomainName Windows Domain Name > > > > sambaPrimaryGroupSID Windows Primary Group SID > > > > sambaAcctFlags Windows Account Flags > > > > sambaSID Windows/Samba SID > > > > sambaMungedDial Dial-In User? > > > > displayName Display Name > > > > > > > > and I am confirming that the behavior is the same on my new home server > > > > > > Would it be possible for you to post your /etc/webmin/ldap-useradmin/config > > > file, minus any passwords to your LDAP server? I'd like to see exactly > > > what settings you have enabled .. > > ---- > > There will be some unnatural line wraps caused both by terminal output & > > e-mail constraints but... > > > > # cat /etc/webmin/ldap-useradmin/config > > multi_fields=1 > > default_min= > > group_props= > > addressbook= > > random_password= > > passwd_stars= > > ldap_tls=0 > > other_class=top inetOrgPerson calEntry inetLocalMailRecipient > > default_warn= > > group_fields= > > samba_gclass=sambaGroupMapping > > secmode=0 > > charset= > > login=cn=root,dc=azapple,dc=com > > imap_props= > > pre_command=/root/scripts/ldap_useradmin.before > > base_gid= > > imap_foldersep= > > membox= > > user_files= > > homedir_perms= > > user_base=ou=People,dc=azapple,dc=com > > domain= > > default_inactive= > > gother_class= > > imap_def=0 > > ldap_port= > > imap_folderalt= > > pass=XXXXXXXX > > group_base=ou=Groups,dc=azapple,dc=com > > shells=fixed,passwd,shells > > imap_class=SuSEeMailObject > > given_class=inetOrgPerson > > samba_class=sambaSamAccount > > fields=mail Email Adress mailLocalAddress mail alias > > description Description physicalDeliveryOfficeName City postalAddress > > Mail Address postalCode Zip Code postOfficeBox PO Box > > streetAddress Street Address telephoneNumber Telephone Number > > facsimileTelephoneNumber Fax Number sambaHomeDrive Windows Drive > > Letter for Home Share sambaHomePath Windows Path for Home Share > > sambaProfilePath Windows Path for Profile Share sambaLogonScript Windows > > Netlogon Command sambaDomainName Windows Domain Name > > sambaPrimaryGroupSID Windows Primary Group SID sambaAcctFlags Windows > > Account FlagssambaSID Windows/Samba SID calFBURL Free / Busy URL > > sambaMungedDial Dial-In User? displayName Display Name > > imap_pass= > > given=1 > > quota_support= > > display_max= > > home_style= > > samba_def=1 > > mailfmt=0 > > group_mod_props= > > ldap_host=localhost > > default_max= > > imap_host= > > default_secs= > > samba_props=sambaDomainName: AZAPPLE sambaHomeDrive: h: > > sambaLogonScript: logon.bat sambaHomePath: \\SRV1\homes\${USER} > > sambaProfilePath: \\SRV1\profiles\${USER} > > props=calFBURL: https://srv1.azapple.com/horde/kronolith/fb.php?c= > > ${USER} > > default_group= > > base_uid= > > md5=0 > > imap_login=cyrus > > quota= > > alias_same=0 > > home_base= > > person=1 > > maillocaladdress= > > samba_gid= > > default_shell= > > imap_folders= > > default_other= > > noclash= > > auth_ldap=/etc/ldap.conf > > samba_domain=S-1-5-21-1423820788-2381578139-3444021595 > > post_command=/root/scripts/ldap_useradmin.after > > mod_props= > > given_order=0 > > slappasswd=/usr/sbin/slappasswd > > default_expire= > > I think I see the issue - you have sambaSID listed in the > "Extra LDAP user properties to allow editing of" box on the > Module Config page, but Webmin sets that automatically. I'd suggest > removing it .. ---- yep - fixed it. I have had this type of setup/configuration for many years and never had the issue. Must have been a change that you have done since 1.500 (or more likely since 1.520) but thanks for the awesome tools. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |