I'm not able to add POSIX users/groups to this newly created LDAP directory. OpenLDAP version is 2.4.19.
The LDIF I've populated the LDAP directory with is probably the problem, but I'm not sure what I need to do next...
```ldif
# base entry (suffix of the directory)
dn: dc=company,dc=net,dc=au
objectClass: dcObject
objectClass: organization
o: Company Pty Ltd
dc: company

# rootdn entry
dn: cn=manager,dc=company,dc=net,dc=au
objectClass: organizationalRole
cn: Manager

# container for user accounts
dn: ou=People,dc=company,dc=net,dc=au
objectClass: organizationalUnit
objectClass: top
ou: People

# container for groups
dn: ou=Groups,dc=company,dc=net,dc=au
objectClass: organizationalUnit
objectClass: top
ou: Groups
```
Could someone please educate me :)
Update: I've added nis.schema, which I expected to fix the problem as it has all the posix* classes I was after. However, I now get the following error:
```text
/etc/openldap/schema/nis.schema: line 203 objectclass: AttributeType not found: "manager"
/opt/openldap/etc/openldap/slapd.conf: line 6: <include> handler exited with 1!
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
```
The relevant section of nis.schema, around line 203, is as follows...
```text
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
    DESC 'Abstraction of a host, an IP device'
    SUP top AUXILIARY
    MUST ( cn $ ipHostNumber )
    MAY ( l $ description $ manager ) )
```
I'll continue reading.
I think I've figured it out. Once I'm done reading, I'll post the root cause and the detailed solution; but for now, and in short, I hadn't included the appropriate schema files.
The posixAccount is an auxiliary class, so it's completely optional and can be "attached" onto the required structural one, be it person, organizationalPerson, or inetOrgPerson.
No, I thought I was close, but still no luck. In order to add nis.schema, I had to add a few prerequisite schemas, so now I have...
That resolved slapd not starting up; however, I still can't see any posix* classes anywhere in the LDAP management web interface.
I cannot help you much with phpLDAPadmin, as I've never used it (I prefer Apache Directory Studio or OpenLDAP's command line tools), but if you can use a generic LDIF file with it, please try this one:
...and see if it works?
In any case, I strongly recommend using Apache Directory Studio as a generic LDAP/schema browser.
You had the right answer; you need to add the schemas as follows in your slapd.conf and restart:
Note: the order is important!
Then you can add a POSIX user via an LDIF file:
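The LDIF for a POSIX user and its group under the base DN from the question, as an added example that is not part of this answer or of OpenLDAP: it checks the MUST attributes that nis.schema defines for posixAccount and posixGroup before emitting the entries, and refuses a cleartext userPassword. The uid/gid numbers, user name and {SSHA} placeholder are constructed sample values.

```python
# Added example: build the LDIF for a POSIX user and group under the question's
# base DN, checking the MUST attributes that nis.schema requires and that
# userPassword is a {SCHEME}-prefixed hash rather than cleartext.
# All user/group values below are constructed sample data.

BASE_DN = "dc=company,dc=net,dc=au"

# MUST attribute sets as defined in OpenLDAP's nis.schema
MUST = {
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "posixGroup": {"cn", "gidNumber"},
}


def missing_must(object_class, attrs):
    """Names of MUST attributes absent from attrs (empty set = entry is complete)."""
    return MUST[object_class] - {k for k, _ in attrs}


def password_is_hashed(attrs):
    """userPassword, when present, must carry a {SCHEME} prefix such as {SSHA}."""
    return all(v.startswith("{") for k, v in attrs if k == "userPassword")


def to_ldif(dn, object_classes, attrs):
    """Serialise one entry; the trailing blank line separates entries for ldapadd."""
    lines = [f"dn: {dn}"] + [f"objectClass: {oc}" for oc in object_classes]
    lines += [f"{k}: {v}" for k, v in attrs]
    return "\n".join(lines) + "\n\n"


def posix_user_ldif(uid, uid_number, gid_number, hashed_pw):
    """posixAccount is AUXILIARY, so it is attached to the STRUCTURAL inetOrgPerson."""
    attrs = [("cn", uid), ("sn", uid), ("uid", uid), ("uidNumber", str(uid_number)),
             ("gidNumber", str(gid_number)), ("homeDirectory", f"/home/{uid}"),
             ("loginShell", "/bin/bash"), ("userPassword", hashed_pw)]
    missing = missing_must("posixAccount", attrs)
    if missing or not password_is_hashed(attrs):
        raise ValueError(f"invalid posixAccount: missing={sorted(missing)}")
    return to_ldif(f"uid={uid},ou=People,{BASE_DN}",
                   ["top", "inetOrgPerson", "posixAccount"], attrs)


def posix_group_ldif(name, gid_number, member_uids):
    """posixGroup is STRUCTURAL in nis.schema; memberUid is multi-valued."""
    attrs = [("cn", name), ("gidNumber", str(gid_number))]
    attrs += [("memberUid", m) for m in member_uids]
    missing = missing_must("posixGroup", attrs)
    if missing:
        raise ValueError(f"invalid posixGroup: missing={sorted(missing)}")
    return to_ldif(f"cn={name},ou=Groups,{BASE_DN}", ["top", "posixGroup"], attrs)


if __name__ == "__main__":
    # Constructed sample; generate a real hash with slappasswd instead of this placeholder
    print(posix_user_ldif("jsmith", 10001, 10001, "{SSHA}PLACEHOLDER_FROM_SLAPPASSWD"))
    print(posix_group_ldif("jsmith", 10001, ["jsmith"]))
```

Pipe the printed output into `ldapadd -x -D "cn=manager,dc=company,dc=net,dc=au" -W`; the inetOrgPerson class needs cosine.schema and inetorgperson.schema included before nis.schema, which is the ordering the answer refers to.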
You might try using the migration scripts to generate a base LDIF. On my RHEL install, they are at /usr/share/openldap/migration/, though depending on your distro they may land somewhere else. migrate_passwd.pl will give you your users, and migrate_group.pl your groups (both obvious). If appropriate, you can also use migrate_all_online.sh to suck in everything from your current system and dump it directly into a currently running LDAP (and then prune or add as needed).