In addition to giving cleanup examples, I believe that it is important to explain some of the reasons for including certain object classes from the schemas found in the /etc/ldap/schema directory. For example, in Item #4, Populating LDAP with the John Doe example, it should be explained that there are AUXILIARY and STRUCTURAL object classes in schema. The posixAccount and shadowAccount are AUXILIARY object classes defined in the nis.schema, the inetOrgPerson is a required STRUCTURAL object class defined in . Schema MUST and MAY items should be explained in inetorgperson.schema. If you try to use an AUXILIARY object class like posixAccount, without a STRUCTURAL object class like inetOrgPerson, you'll get the following error:
<pre>
ldap_add: Object class violation (65)
        additional info: no structural object class provided
</pre>
The inetOrgPerson object class is derived from organizationalPerson, which is derived from person, both of which are found in the core.schema file. So, following the MUST and MAY of these object classes, person MUST have sn (surname) and cn (common name) defined.
I hope that someone gets something out of this:
<pre>
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
# inetOrgPerson -> organizationalPerson -> person
# person must sn cn
sn: Doe
cn: John Doe
# uid is the RDN attribute in the dn, so it must also be present in the entry
uid: jdoe
</pre>
Then, you add in the AUXILIARY object class posixAccount:
<pre>
objectClass: posixAccount
# posixAccount must cn (above) uid (above) uidNumber gidNumber homeDirectory
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/jdoe
# posixAccount may userPassword loginShell gecos description
#userPassword: jdoe1
#loginShell: /bin/bash
#gecos: John Doe
#description:
</pre>
Then, you add in the AUXILIARY object class shadowAccount:
<pre>
objectClass: shadowAccount
# shadowAccount must uid (above)
# shadowAccount may userPassword (above) shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag description (above)
shadowLastChange: 10877
shadowMin: 8
shadowMax: 999999
shadowWarning: 7
#shadowInactive:
shadowExpire: -1
shadowFlag: 0
</pre>
Then, you use the STRUCTURAL object class for posixGroup:
<pre>
dn: cn=jdoe,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: jdoe
# posixGroup must cn (above) gidNumber
gidNumber: 1000
</pre>
-- 
OpenLDAP Server should demonstrate ldapdelete cleanup commands for example ldapadd commands
https://bugs.launchpad.net/bugs/473921
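
The STRUCTURAL/AUXILIARY and MUST rules described in the comment above, as an added example that is not part of the original bug comment or of OpenLDAP: a small Python checker run over constructed jdoe entries. The schema table is a hand-written simplification limited to the classes named above, the LDIF parsing ignores continuation lines and base64 values, and parse_entry and check_entry are hypothetical helper names.

```python
# Added example: simplified table of only the object classes named in the comment above.
SCHEMA = {  # name: (kind, superior, MUST attributes)
    "person": ("STRUCTURAL", None, {"sn", "cn"}),
    "organizationalPerson": ("STRUCTURAL", "person", set()),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson", set()),
    "posixAccount": ("AUXILIARY", None, {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}),
    "shadowAccount": ("AUXILIARY", None, {"uid"}),
    "posixGroup": ("STRUCTURAL", None, {"cn", "gidNumber"}),
}
BY_NAME = {name.lower(): name for name in SCHEMA}  # LDAP names ignore case

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in ldif.strip().splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_entry(entry):
    """Return schema problems for an entry; an empty list means it passes."""
    problems, required, structural = [], set(), False
    for given in entry.get("objectclass", []):
        name = BY_NAME.get(given.lower())
        if name is None:
            problems.append(f"unknown object class: {given}")
        elif SCHEMA[name][0] == "STRUCTURAL":
            structural = True
        while name:  # MUST attributes are inherited along the superior chain
            _, superior, must = SCHEMA[name]
            required |= must
            name = superior
    if not structural:
        problems.insert(0, "no structural object class provided")
    missing = sorted(a for a in required if a.lower() not in entry)
    return problems + [f"missing MUST attribute: {a}" for a in missing]

# Constructed sample entries based on the jdoe example in the comment above.
AUX_ONLY = """dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: posixAccount
cn: John Doe
uid: jdoe
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/jdoe"""
WITH_STRUCTURAL = AUX_ONLY + "\nobjectClass: inetOrgPerson"
if __name__ == "__main__":
    print(check_entry(parse_entry(AUX_ONLY)), check_entry(parse_entry(WITH_STRUCTURAL)))
```

Adding inetOrgPerson alone clears the structural-class problem but brings in person's MUST list, so the second sample still reports sn as missing until an sn line is added.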