On Wed, Aug 18, 2010 at 10:08:12AM +0200, Andy Kannberg wrote:
> Good morning,
> 
> I did some digging, and this is the situation:
> Upfront I must say that I do not know yet if Novell eDirectory is RFC2307
> compliant, but a Novell Engineer is available today so I can ask him
> straight away.
> 
> Anyway, this is what I've found out:
> 
> The objectclass 'posixAccount' does exist. But it is, as far as I could see,
> not mapped to the user account.
> However, in the /etc/ldap.conf, I see this:
> 
> # attribute/objectclass mapping
> nss_map_objectclass     posixAccount            NxpUserAuxClass
> nss_map_objectclass     posixGroup              NxpGroupAuxClass
> pam_login_attribute     cn
> 
> And, if you look at the info from a randomly selected account:
> 
> objectClass: inetOrgPerson
> objectClass: NxpUserAuxClass
> objectClass: organizationalPerson
> objectClass: Person
> objectClass: ndsLoginProperties
> objectClass: Top
> objectClass: krbForeignPrincipalAux
> objectClass: srvprvEntityAux
> objectClass: sambaSamAccount
> 
> You see the NxpUserAuxClass as objectclass for the user account.
> 
> Is there a way to handle this in SSSD?

Yes, you can try and set

ldap_user_object_class = NxpUserAuxClass
ldap_group_object_class = NxpGroupAuxClass

in sssd.conf

bye,
Sumit


> 
> cheers,
> Andy
> 
> 
> 2010/8/17 Andy Kannberg <andy.kannb...@gmail.com>
> 
> > It's Novell eDirectory. However, it is possible that certain objects are
> > not available on the server I test. I will do some research and get back to
> > you. That will be tomorrow.
> >
> > Thanks so far for helping me out, it is appreciated a lot!
> >
> > Cheers,
> > Andy
> >
> > To be continued....
> >
> > 2010/8/17 Stephen Gallagher <sgall...@redhat.com>
> >
> >>
> >> On 08/17/2010 10:06 AM, Andy Kannberg wrote:
> >> > Hi,
> >> >
> >> > That assumption appears to be correct:
> >> >
> >> > [r...@hpdw0001 ~]# ldapsearch -x -H ldap://dtc0001.dtq.nl-htc01.nxp.com -b
> >> > ou=TST_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP
> >> > "(&(uid=nxp21358)(objectclass=posixAccount))"
> >> > # extended LDIF
> >> > #
> >> > # LDAPv3
> >> > # base <ou=TST_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP> with scope subtree
> >> > # filter: (&(uid=nxp21358)(objectclass=posixAccount))
> >> > # requesting: ALL
> >> > #
> >> >
> >> > # search result
> >> > search: 2
> >> > result: 0 Success
> >> >
> >> > # numResponses: 1
> >> >
> >> > The user does exist, but does not have an objectClass of posixAccount.
> >> >
> >> > Is this something that can be fixed?
> >>
> >>
> >> What are you using for an LDAP server? If it's RFC2307-compliant, then
> >> all users SHOULD have a posixAccount.
> >>
> >> What do you get for output from:
> >> ldapsearch -x -H ldap://dtc0001.dtq.nl-htc01.nxp.com \
> >> -b ou=TST_EMEA_NL-TST01,ou=Locations,ou=NXDI,o=NXP \
> >> "uid=nxp21358"
> >>
> >>
> >>
> >> --
> >> Stephen Gallagher
> >> RHCE 804006346421761
> >>
> >> Delivering value year after year.
> >> Red Hat ranks #1 in value among software vendors.
> >> http://www.redhat.com/promo/vendor/
> >> _______________________________________________
> >> sssd-devel mailing list
> >> sssd-devel@lists.fedorahosted.org
> >> https://fedorahosted.org/mailman/listinfo/sssd-devel
> >>
> >
> >


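The translation suggested in the reply, as an added example that is not part of the original thread or SSSD's own code: it reads the `nss_map_objectclass` lines quoted from /etc/ldap.conf, emits the matching sssd.conf options, and checks the quoted account's objectClass list against both class names. The `[domain/example]` section name and all function names are assumptions.

```python
"""Added example: nss_ldap object-class maps -> sssd.conf options."""

# The mapping lines quoted from /etc/ldap.conf in the thread.
LDAP_CONF = """\
# attribute/objectclass mapping
nss_map_objectclass     posixAccount            NxpUserAuxClass
nss_map_objectclass     posixGroup              NxpGroupAuxClass
pam_login_attribute     cn
"""

# objectClass values of the account shown in the thread.
ENTRY_CLASSES = [
    "inetOrgPerson", "NxpUserAuxClass", "organizationalPerson", "Person",
    "ndsLoginProperties", "Top", "krbForeignPrincipalAux", "srvprvEntityAux",
    "sambaSamAccount",
]

# RFC 2307 class -> the sssd.conf option named in the reply.
SSSD_OPTION = {
    "posixaccount": "ldap_user_object_class",
    "posixgroup": "ldap_group_object_class",
}

def parse_objectclass_maps(text):
    """Return {rfc2307 class (lowercased): directory class} from ldap.conf text."""
    maps = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0].lower() == "nss_map_objectclass":
            maps[fields[1].lower()] = fields[2]
    return maps

def sssd_options(maps):
    """Keep only the maps that have an SSSD counterpart in SSSD_OPTION."""
    return {SSSD_OPTION[k]: v for k, v in maps.items() if k in SSSD_OPTION}

def entry_matches(entry_classes, wanted):
    """objectClass values compare case-insensitively in LDAP."""
    return wanted.lower() in {c.lower() for c in entry_classes}

def render(options, domain="example"):
    """Render a [domain/...] fragment; the domain name is a placeholder."""
    body = [f"{key} = {value}" for key, value in sorted(options.items())]
    return "\n".join([f"[domain/{domain}]"] + body)

if __name__ == "__main__":
    opts = sssd_options(parse_objectclass_maps(LDAP_CONF))
    print("matches posixAccount:", entry_matches(ENTRY_CLASSES, "posixAccount"))
    print(render(opts))
```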