Re: [webmin-l] LDAP strangeness

[Craig W. <cra...@az...>]

On Sun, 2011-06-19 at 22:58 -0700, Jamie Cameron wrote:
> On 19/Jun/2011 18:09 Craig White <cra...@az...> wrote ..
> > On Sun, 2011-06-19 at 12:15 -0700, Jamie Cameron wrote:
> > > On 18/Jun/2011 17:36 Craig White <cra...@az...> wrote ..
> > > > On Wed, 2011-06-15 at 10:55 -0700, Jamie Cameron wrote:
> > > > > On 14/Jun/2011 20:34 Craig White <cra...@az...> wrote ..
> > > > > > LDAP Users & Groups - Ubuntu 10.04 - Webmin 1.550
> > > > > > 
> > > > > > when I try to edit a user (created with ldap_useradmin), I get the
> > > > > > following message when I try to save...
> > > > > > 
> > > > > > Failed to save user: Failed to modify user in LDAP Database: object
> > > > > > class 'SambaSamAccount' requires attribute 'SambaSID'
> > > > > > 
> > > > > > Which makes sense because it certainly does but there is a value in
> > > > > > SambaSID for this user and Webmin LDAP Users and Groups put it there
> > > > > > when I created the User.
> > > > > > 
> > > > > > The error message can be viewed here:
> > > > > > http://srv1.lightsonthenet.com/Craig/ScreenShot1.png
> > > > > > 
> > > > > > and to demonstrate, I put the LDAP attributes as displayed by Webmin
> > > > > > LDAP Users and Groups module which can be viewed here:
> > > > > > http://srv1.lightsonthenet.com/Craig/ScreenShot2.png
> > > > > > 
> > > > > > Curiously enough, I am able to 'edit' individual attributes in Servers
> > > > > > => LDAP Server => Browse => show that same record and edit any
> > > > > > particular attribute but I can't seem to save an edited record from LDAP
> > > > > > Users & Groups module. I can however create and delete LDAP users from
> > > > > > that module.
> > > > > > 
> > > > > > Any ideas?
> > > > > 
> > > > > Hi Craig,
> > > > > 
> > > > > Is the object class for your Samba users "SambaSamAccount" with a capital
> > > > > S at the start? Because Webmin expects it to be "sambaSamAccount" , and
> > > > > won't automatically add the sambaSID attribute otherwise..
> > > > ----
> > > > sorry to be so slow to respond but I am not subscribed to webmin list at
> > > > work and it's been a long week.
> > > > 
> > > > Definitely a lower case "s"  -  that is why I posted 'ScreenShot1.png'
> > > > so it would be clear what the attributes & objectclasses were in the
> > > > object I was actually saving. I am going through the same setup at home
> > > > (ubuntu lucid)
> > > > 
> > > > The 'User' was created by Webmin LDAP Users & Groups. But if I merely go
> > > > into the edit mode after creating the user and just click 'Save' without
> > > > changing anything, it will fail with the same error.
> > > > 
> > > > The same issue happens to me using CentOS 5 and Webmin-1.550 after upgrading
> > from
> > > > 1.490 to 1.550 - I checked and it worked before upgrading, failed after upgrading.
> > > > 
> > > > The same issue happens to me at home but I did import most everything
> > > > from my old 2.2.x version of openldap at home and also copied my webmin
> > > > module config from the old server to the new server. I deleted the
> > > > config file from /etc/webmin/ldap-useradmin at work and filled it out
> > > > all over again but still the same thing happens.
> > > > 
> > > > It may be something I am putting into the config but the box for 'LDAP
> > > > properties for modified users' is empty.
> > > > 
> > > > I do have quite a number of attributes in the box 'Extra LDAP properties
> > > > to allow editing...' - specifically...
> > > > 
> > > > mail Email Adress
> > > > mailLocalAddress mail alias
> > > > description Description
> > > > physicalDeliveryOfficeName City
> > > > postalAddress Mail Address
> > > > postalCode Zip Code
> > > > postOfficeBox PO Box
> > > > streetAddress Street Address
> > > > telephoneNumber Telephone Number
> > > > facsimileTelephoneNumber Fax Number
> > > > sambaHomeDrive Windows Drive Letter for Home Share
> > > > sambaHomePath Windows Path for Home Share
> > > > sambaProfilePath Windows Path for Profile Share
> > > > sambaLogonScript Windows Netlogon Command
> > > > sambaDomainName Windows Domain Name
> > > > sambaPrimaryGroupSID Windows Primary Group SID
> > > > sambaAcctFlags Windows Account Flags
> > > > sambaSID Windows/Samba SID
> > > > sambaMungedDial Dial-In User?
> > > > displayName Display Name
> > > > 
> > > > and I am confirming that the behavior is the same on my new home server
> > > 
> > > Would it be possible for you to post your /etc/webmin/ldap-useradmin/config
> > > file, minus any passwords to your LDAP server? I'd like to see exactly
> > > what settings you have enabled ..
> > ----
> > There will be some unnatural line wraps caused both by terminal output &
> > e-mail constraints but...
> > 
> > # cat /etc/webmin/ldap-useradmin/config 
> > multi_fields=1
> > default_min=
> > group_props=
> > addressbook=
> > random_password=
> > passwd_stars=
> > ldap_tls=0
> > other_class=top inetOrgPerson calEntry inetLocalMailRecipient
> > default_warn=
> > group_fields=
> > samba_gclass=sambaGroupMapping
> > secmode=0
> > charset=
> > login=cn=root,dc=azapple,dc=com
> > imap_props=
> > pre_command=/root/scripts/ldap_useradmin.before
> > base_gid=
> > imap_foldersep=
> > membox=
> > user_files=
> > homedir_perms=
> > user_base=ou=People,dc=azapple,dc=com
> > domain=
> > default_inactive=
> > gother_class=
> > imap_def=0
> > ldap_port=
> > imap_folderalt=
> > pass=XXXXXXXX
> > group_base=ou=Groups,dc=azapple,dc=com
> > shells=fixed,passwd,shells
> > imap_class=SuSEeMailObject
> > given_class=inetOrgPerson
> > samba_class=sambaSamAccount
> > fields=mail Email Adress        mailLocalAddress mail alias
> > description Description physicalDeliveryOfficeName City postalAddress
> > Mail Address      postalCode Zip Code postOfficeBox PO Box
> > streetAddress Street Address    telephoneNumber Telephone Number
> > facsimileTelephoneNumber Fax Number     sambaHomeDrive Windows Drive
> > Letter for Home Share  sambaHomePath Windows Path for Home Share
> > sambaProfilePath Windows Path for Profile Share sambaLogonScript Windows
> > Netlogon Command   sambaDomainName Windows Domain Name
> > sambaPrimaryGroupSID Windows Primary Group SID  sambaAcctFlags Windows
> > Account FlagssambaSID Windows/Samba SID      calFBURL Free / Busy URL
> > sambaMungedDial Dial-In User?   displayName Display Name
> > imap_pass=
> > given=1
> > quota_support=
> > display_max=
> > home_style=
> > samba_def=1
> > mailfmt=0
> > group_mod_props=
> > ldap_host=localhost
> > default_max=
> > imap_host=
> > default_secs=
> > samba_props=sambaDomainName: AZAPPLE    sambaHomeDrive: h:
> > sambaLogonScript: logon.bat     sambaHomePath: \\SRV1\homes\${USER}
> > sambaProfilePath: \\SRV1\profiles\${USER}
> > props=calFBURL: https://srv1.azapple.com/horde/kronolith/fb.php?c=
> > ${USER}
> > default_group=
> > base_uid=
> > md5=0
> > imap_login=cyrus
> > quota=
> > alias_same=0
> > home_base=
> > person=1
> > maillocaladdress=
> > samba_gid=
> > default_shell=
> > imap_folders=
> > default_other=
> > noclash=
> > auth_ldap=/etc/ldap.conf
> > samba_domain=S-1-5-21-1423820788-2381578139-3444021595
> > post_command=/root/scripts/ldap_useradmin.after
> > mod_props=
> > given_order=0
> > slappasswd=/usr/sbin/slappasswd
> > default_expire=
> 
> I think I see the issue - you have sambaSID listed in the
> "Extra LDAP user properties to allow editing of" box on the 
> Module Config page, but Webmin sets that automatically. I'd suggest
> removing it ..
----
yep - fixed it. I have had this type of setup/configuration for many
years and never had the issue. Must have been a change that you have
done since 1.500 (or more likely since 1.520) but thanks for the awesome
tools.

Craig



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.