object classes in openldap / lam on debian10

Started by Eagle92, October 05, 2020, 05:08:54 PM

Eagle92

Hello,

I hope I can find help here for this issue.

I have installed OpenLDAP and LDAP Account Manager (LAM) as the administration GUI on a Debian 10 system.

Here is the tree view:

dc=domain,dc=com
cn= admin
+ou= groups(5)
+ou= users (21)

When I create a user in the LAM GUI, the objectClass: top is missing, but I need this class so that an LDAP search can find the uids in the groups etc. (My ssh is limited to the group sshd_user. My GUI-created users are in this group, and I can see it on the webserver when I run "getent group". But sshd says "is not in group sshd_user". If I add objectClass top, then login is ok and sshd accepts the user.)

Does anybody have an idea how I can get this objectClass automatically when I create a user in the GUI, without copying a working user? If you need any other information, please write and I can give it to you.

Thanks a lot.

Sorry for my terrible English, but English is not my native language.

Best regards

Eagle92


Mad Penguin

Hi, it's been a while since I used LDAP on Linux and I'm not sure what the "right" way to do what you want is. However, if you add a module that includes "objectClass: top" in its default schema (I think for example Samba does), then you should end up with a bunch of Samba-related fields in the UI for each user (which you can mostly ignore), but at the same time I *think* it should add "objectClass: top" to the schema so it's tagged against new users when they are added.
https://twitter.com/garethbult
https://gareth.bult.co.uk
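
An added example, not code from either poster: a small LDIF audit that lists which user entries lack "objectClass: top" and which sshd_user members are therefore affected by the symptom described in the first post. It assumes users live under ou=users,dc=domain,dc=com as in the tree view and that the group lists its members as memberUid values; the sample LDIF and the function names are constructed for illustration.

```python
import base64

# Constructed sample in the shape of `ldapsearch -LLL` output; not from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=users,dc=domain,dc=com
objectClass: top
objectClass: posixAccount

dn: uid=bob,ou=users,dc=domain,dc=com
objectClass: posixAccount

dn: uid=carol,ou=users,dc=domain,
 dc=com
objectClass:: dG9w

dn: cn=sshd_user,ou=groups,dc=domain,dc=com
memberUid: alice
memberUid: bob
"""

def parse_ldif(text):
    """Yield (dn, {lowercased attr: [values]}) for each entry."""
    # RFC 2849: a line starting with one space continues the previous line.
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" carries base64
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = rest.strip()
            else:
                attrs.setdefault(name.lower(), []).append(rest.strip())
        if dn:
            yield dn, attrs

def users_missing_top(ldif, base="ou=users,dc=domain,dc=com"):
    """uids (from the RDN) of entries under `base` with no objectClass: top."""
    return [dn.split(",")[0].partition("=")[2]
            for dn, attrs in parse_ldif(ldif)
            if dn.lower().endswith("," + base.lower())
            and "top" not in {v.lower() for v in attrs.get("objectclass", [])}]

def affected_members(ldif, group_cn="sshd_user"):
    """memberUid values of `group_cn` whose user entry lacks objectClass: top."""
    missing = set(users_missing_top(ldif))
    return [uid for dn, attrs in parse_ldif(ldif)
            if dn.lower().startswith(f"cn={group_cn},")
            for uid in attrs.get("memberuid", []) if uid in missing]
```

Feed it an export of the directory in place of SAMPLE_LDIF; the folded DN and the base64-encoded value in the sample are there because both occur in real LDIF and a line-by-line grep would misreport them.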