Lars Gunther wrote:
2010-09-14 17:26, Rich Megginson wrote:
> I still don't know what you mean by "add posixGroups using the admin
> tool". If by "admin tool" you mean the 389 GUI console, then right,
> there is no explicit posix group tab in the Group editor window, but you
> can use the Advanced... editor to add the posixGroup objectclass to the
> list of objectclasses.
Yep. That's what I meant. (389-console)
When I click Advanced I see posixGroup stuff not when I click "Show
All Allowed Attributes", nor do I see it as an option when I click the
"Add Attribute" button.
What do you mean when you say "Advanced editor"?
I mean the window you are using that has the "Show All Allowed
Attributes" etc.
You should be able to left-click on the objectClass attribute to select
it, then Add Value to select the posixGroup objectclass to add to the
entry. Once you do that, you should be able to Add Attribute to add the
posixGroup attributes.
Having searched for a while, I've found a way to add posixGroups:
Right click -> New -> Other -> posixGroup
They will however be identified in the tree by the gidnumber, not by
their cn...
Right. If you want the group to be recognized both by the console and
by the OS, you need to create it as a regular group first, then add
posixGroup.
>> And I still can't log in as the user I've added.
>>
> What error do you get? It's always helpful when you have a problem to
> specify
> * the platform and 389-ds-base version
Fedora 13
389 1.2.0
Error message "User does not exist"
> * the exact command you used - if by "log in" you mean system login,
I've tried "su" both locally and from a client machine.
> also please specify your /etc/ldap.conf settings
[root@lb ~]# cat /etc/ldap.conf|grep -v "#"|sed '/^$/d'
base dc=labbnet,dc=ne,dc=keryx,dc=se
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm,polkituser,rtkit,pulse
uri ldaps://127.0.0.1:1636/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
I've changed the port to 1636 since *nix requires the server to run as
root for ldaps on a port below 1024...
> * the error message and error code you get from the command, if any
> * check the directory server access log from around the time of your log
> in attempt to see what the directory server logged
/var/log/dirsrv/slapd-lb/errors is silent
/var/log/dirsrv/slapd-lb/access (I've removed the timestamp)
conn=29 op=47 UNBIND
conn=29 op=47 fd=85 closed - U1
conn=26 op=77 MOD dn="cn=ResourcePage,ou=1.1,ou=Console,ou=cn\5c=directory manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=77 RESULT err=0 tag=103 nentries=0 etime=1
conn=26 op=78 MOD dn="cn=ResourcePage,ou=1.1,ou=Console,ou=cn\5c=directory manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=78 RESULT err=0 tag=103 nentries=0 etime=0
conn=26 op=79 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=79 RESULT err=0 tag=103 nentries=0 etime=0
conn=26 op=80 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=80 RESULT err=0 tag=103 nentries=0 etime=0
conn=26 op=82 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=82 RESULT err=0 tag=103 nentries=0 etime=0
conn=26 op=83 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=83 RESULT err=0 tag=103 nentries=0 etime=0
conn=28 op=-1 fd=84 closed - B1
conn=26 op=-1 fd=82 closed - B1
conn=27 op=-1 fd=83 closed - B1
This doesn't show any SRCH or BIND operations that would have been done
by su.
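
One way to run that check over a longer access log, as an added example that is not part of the original thread: the Python below rejoins wrapped records, groups operations by connection, and reports whether any SRCH asked for a given uid. The conn=30 records, the user name "testuser" and the function names are constructed for illustration; the base DN is the one from the ldap.conf above.

```python
import re
from collections import defaultdict

# Optional "[timestamp] " prefix, then conn=N op=M and the rest of the record.
RECORD = re.compile(r'^(?:\[[^\]]*\]\s+)?conn=(\d+) op=(-?\d+) (\S.*)$')
KINDS = ("BIND", "SRCH", "MOD", "ADD", "DEL", "UNBIND")

def unwrap(lines):
    """Rejoin records that mail or terminal wrapping split across lines."""
    out = []
    for line in (l.strip() for l in lines if l.strip()):
        if RECORD.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line          # continuation of the previous record
    return out

def summarize(lines):
    """Per connection: operation types seen; per SRCH: [filter, nentries]."""
    ops, searches = defaultdict(set), {}
    for rec in unwrap(lines):
        m = RECORD.match(rec)
        if m is None:
            continue
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        kind = rest.split(None, 1)[0]
        if kind in KINDS:
            ops[conn].add(kind)
        if kind == "SRCH":
            f = re.search(r'filter="([^"]*)"', rest)
            searches[(conn, op)] = [f.group(1) if f else None, None]
        elif kind == "RESULT" and (conn, op) in searches:
            n = re.search(r'nentries=(\d+)', rest)
            searches[(conn, op)][1] = int(n.group(1)) if n else None
    return dict(ops), searches

def lookup_seen(lines, uid):
    """True if some SRCH filter mentions uid=<uid>, i.e. the client reached the server."""
    return any(f and f"uid={uid}" in f for f, _ in summarize(lines)[1].values())

# Constructed sample: conn=26 follows the excerpt above, conn=30 is made up.
SAMPLE = r'''conn=26 op=79 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory
manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
conn=26 op=79 RESULT err=0 tag=103 nentries=0 etime=0
conn=26 op=-1 fd=82 closed - B1
conn=30 op=0 BIND dn="" method=128 version=3
conn=30 op=1 SRCH base="dc=labbnet,dc=ne,dc=keryx,dc=se" scope=2 filter="(&(objectClass=posixAccount)(uid=testuser))" attrs=ALL
conn=30 op=1 RESULT err=0 tag=101 nentries=0 etime=0
'''.splitlines()
```

A connection that shows only MOD records, like conn=26 here, is console traffic; a SRCH with nentries=0 means the client did query the server but no entry matched the filter.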