In addition to giving cleanup examples, I believe that it is important to 
explain some of the reasons for including certain object classes from the 
schemas found in the /etc/ldap/schema directory.  For example, in Item #4, 
Populating LDAP with the John Doe example, it should be explained that there are 
AUXILIARY and STRUCTURAL object classes in the schema.  The posixAccount and 
shadowAccount are AUXILIARY object classes defined in the nis.schema, the 
inetOrgPerson is a required STRUCTURAL object class defined in .  Schema MUST 
and MAY items should be explained in inetorgperson.schema.  If you try to use 
an AUXILIARY object class like posixAccount, without a STRUCTURAL object class 
like inetOrgPerson, you'll get the following error:
<pre>
ldap_add: Object class violation (65)
        additional info: no structural object class provided
</pre>
The inetOrgPerson object class is derived from organizationalPerson, which is 
derived from person, both of which are found in the core.schema file.  So, 
following the MUST and MAY of these object classes, person MUST have sn 
(surname) and cn (common name) defined.  I hope that someone gets something out 
of this:
<pre>
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
# inetOrgPerson -> organizationalPerson -> person
# person must sn cn
sn: Doe
cn: John Doe
# the naming attribute from the dn (uid) must also be present in the entry
uid: jdoe
</pre>
Then, you add in the AUXILIARY object class posixAccount:
<pre>
objectClass: posixAccount
# posixAccount must cn (above) uid (above) uidNumber gidNumber homeDirectory
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/jdoe
# posixAccount may  userPassword loginShell gecos description
#userPassword: jdoe1
#loginShell: /bin/bash
#gecos: John Doe
#description:
</pre>
Then, you add in the AUXILIARY object class shadowAccount:
<pre>
objectClass: shadowAccount
# shadowAccount must uid (above)
# shadowAccount may userPassword (above) shadowLastChange shadowMin shadowMax
# shadowWarning shadowInactive shadowExpire shadowFlag description (above)
shadowLastChange: 10877
shadowMin: 8
shadowMax: 999999
shadowWarning: 7
#shadowInactive:
shadowExpire: -1
shadowFlag: 0
</pre>
Then, you use the STRUCTURAL object class for posixGroup:
<pre>
dn: cn=jdoe,ou=groups,dc=example,dc=com
objectClass: posixGroup
# posixGroup must cn gidNumber
cn: jdoe
gidNumber: 1000
</pre>

-- 
OpenLDAP Server should demonstrate ldapdelete cleanup commands for example 
ldapadd commands
https://bugs.launchpad.net/bugs/473921
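
The check behind the "no structural object class provided" error in the comment above, as an added example that is not part of the original bug comment or of OpenLDAP. It is a simplified model: the `SCHEMA` table, the function names and the sample entries are assumptions made for illustration, and a real server enforces more rules than these.

```python
# Added example. SCHEMA is hand-copied from the MUST lists quoted above; None means "top".
SCHEMA = {  # name: (kind, superior, MUST attributes)
    "person": ("STRUCTURAL", None, {"sn", "cn"}),
    "organizationalPerson": ("STRUCTURAL", "person", set()),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson", set()),
    "posixAccount": ("AUXILIARY", None, {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}),
    "shadowAccount": ("AUXILIARY", None, {"uid"}),
    "posixGroup": ("STRUCTURAL", None, {"cn", "gidNumber"}),
}

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # unfold: a leading space continues a line
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in (l for l in lines if not l.startswith("#")):  # drop comments after unfolding
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def must_attrs(oc):
    """MUST attributes of an object class plus those of its superiors."""
    need = set()
    while oc:
        need |= SCHEMA[oc][2]
        oc = SCHEMA[oc][1]
    return need

def check(ldif):
    """Return the violations found; an empty list means these checks pass."""
    entry = parse_entry(ldif)
    classes = entry.get("objectclass", [])
    problems = [f"unknown object class {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    if not any(SCHEMA[c][0] == "STRUCTURAL" for c in known):
        problems.append("no structural object class provided")
    for oc in known:
        problems += [f"{oc} requires {a}" for a in sorted(must_attrs(oc))
                     if a.lower() not in entry]
    return problems

# Constructed sample: an AUXILIARY class with no STRUCTURAL class beside it.
BAD = ("dn: uid=jdoe,ou=people,dc=example,dc=com\nobjectClass: posixAccount\ncn: John Doe\n"
       "uid: jdoe\nuidNumber: 1000\ngidNumber: 1000\nhomeDirectory: /home/jdoe\n")
GOOD = BAD + "objectClass: inetOrgPerson\nsn: Doe\n"
```

`check(BAD)` reports the missing structural class, and `check(GOOD)` returns an empty list once inetOrgPerson and its inherited `sn` are present.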