The Linux Community Forum

Support => General Help & Advice => Topic started by: Eagle92 on October 05, 2020, 05:08:54 pm

Title: object classes in openldap / lam on debian10
Post by: Eagle92 on October 05, 2020, 05:08:54 pm
Hello,

I hope I can find here help for this issue.

I have installed an openldap and ldap account manager for administration gui on a debian10 system.

Here is the tree view:

dc=domain,dc=com
cn= admin
+ou= groups(5)
+ou= users (21)

When I create a user in the lam gui, then there's missing the objectClass: top - but I need this class - so ldap search is possible for searching uids in the groups etc. (my ssh is limited to group sshd_user - my gui created users are in this group and I can see it on the webserver when I command "getent group". - But sshd says "is not in group sshd_user" - if I add objectClass top , then login is ok and sshd accepts the user).

Anybody an idea how I can get this objectClass automatically when I create a user in gui without copying an working user? If you need any other informations, please write I can give them to you.

Thanks a lot.

Sorry for my terrible english - but english is not my native language

Best regards

Eagle92

Title: Re: object classes in openldap / lam on debian10
Post by: Mad Penguin on October 05, 2020, 11:58:17 pm
Hi, it's been a while since I used LDAP on Linux and I'm not sure what the "right" way to do what you want is. However, if you add a module that includes "objectClass: top" in it's default schema (I think for example Samba does) , then you should end up with a bunch of Samba related fields in the UI for each user (which you can mostly ignore) , but at the same time I *think* it should add "objectClass:top" to the schema so it's tagged against new users when they are added.
SimplePortal 2.3.3 © 2008-2010, SimplePortal