On Fri, May 18, 2018 at 10:42:43AM +0200, Reyk Floeter wrote:
> So, OK?
>
As sthen@ pointed out, I had shadowPassword in both MUST and MAY. (The reason is that I intended to move it from MUST to MAY, but forgot to remove the MUST). userPassword in nis.schema is also MAY, so it must not be MUST but it must be MAY. A user also may not have a cn so remove it from MUST as well. s/MUST/MAY/ I get an OK? Index: etc/examples/ldapd.conf =================================================================== RCS file: /cvs/src/etc/examples/ldapd.conf,v retrieving revision 1.1 diff -u -p -u -p -r1.1 ldapd.conf --- etc/examples/ldapd.conf 11 Jul 2014 21:20:10 -0000 1.1 +++ etc/examples/ldapd.conf 18 May 2018 10:09:45 -0000 @@ -3,6 +3,7 @@ schema "/etc/ldap/core.schema" schema "/etc/ldap/inetorgperson.schema" schema "/etc/ldap/nis.schema" +schema "/etc/ldap/bsd.schema" listen on lo0 listen on "/var/run/ldapi" Index: usr.sbin/ldapd/Makefile =================================================================== RCS file: /cvs/src/usr.sbin/ldapd/Makefile,v retrieving revision 1.15 diff -u -p -u -p -r1.15 Makefile --- usr.sbin/ldapd/Makefile 20 Jan 2017 11:55:08 -0000 1.15 +++ usr.sbin/ldapd/Makefile 18 May 2018 10:09:45 -0000 @@ -17,7 +17,8 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast CFLAGS+= -Wsign-compare CLEANFILES+= y.tab.h parse.c -SCHEMA_FILES= core.schema \ +SCHEMA_FILES= bsd.schema \ + core.schema \ inetorgperson.schema \ nis.schema Index: usr.sbin/ldapd/schema/bsd.schema =================================================================== RCS file: usr.sbin/ldapd/schema/bsd.schema diff -N usr.sbin/ldapd/schema/bsd.schema --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ usr.sbin/ldapd/schema/bsd.schema 18 May 2018 10:09:45 -0000 
@@ -0,0 +1,17 @@ +attributetype ( 1.3.6.1.4.1.30155.115.2 NAME 'shadowPassword' + DESC 'POSIX hashed password' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.30155.115.3 NAME 'sshPublicKey' + DESC 'SSH public key' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.30155.115.1 NAME 'bsdAccount' + SUP top + AUXILIARY + DESC 'Abstraction of an account with OpenBSD attributes' + MUST ( uid ) + MAY ( shadowPassword $ shadowExpire $ modifyTimestamp $ userClass $ + sshPublicKey ))
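Review bot: in the etc/examples/ldapd.conf hunk, the new schema line sits after nis.schema without saying why, and bsdAccount's MAY list uses shadowExpire and userClass, which bsd.schema itself does not define (shadowExpire is the RFC 2307 attribute carried in nis.schema). A short comment in the example config or at the top of bsd.schema stating which schemas it depends on would keep someone from reordering or dropping the earlier schema lines and ending up with unresolved attribute names.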
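Review bot: in the usr.sbin/ldapd/schema/bsd.schema hunk, modifyTimestamp in the MAY list of bsdAccount is an operational attribute (RFC 4512 defines it with NO-USER-MODIFICATION and USAGE directoryOperation), so it does not need to be permitted by an object class and listing it here suggests clients may set it; consider dropping it from MAY. In the same hunk, shadowPassword is described as 'POSIX hashed password' but the file carries no comment that it needs the same read restrictions as userPassword; a note in the schema, or an access rule in the example ldapd.conf, would make that expectation explicit for anyone enabling bsd.schema.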