lists.arthurdejong.org

Re: Why does nslcd require LDAP user entry objectClass=posixAccount?




What LDAP server are you using... pretty much all of them support extending the schema for PosixAccount, ShadowAccount and PosixGroup objectClasses.

If AD is the LDAP provider then you would look at: 
https://msdn.microsoft.com/en-us/library/cc731178.aspx

If OpenLDAP it should already be available within the schema:
http://www.zytrax.com/books/ldap/ape/



On Wed, Apr 8, 2015 at 8:06 PM, Shimin <smqian [at] hotmail.com> wrote:

I am working on a project to support LDAP user authentication.  I encounter this problem when configuring pam_ldap module  to authenticate LDAP user where nslcd appears to require posixAccount attributes for LDAP users.  Otherwise, I get errors such as: “passwd entry <xxxx> does not contain uidNumber value”. 

 

None of my LDAP user entries has “objectClass=posixAccount”, therefore, it does not have uidNumber attribute nor gidNumber, loginShell etc.   I imagine there has to be a config setting where I can get around this…  I already have

 

filter passwd (objectClass=person)

 

in nslcd.conf.  What else do I have to change so that nslcd won’t require posixAccount attributes like uidNumber?

 

I have been struggling with this for two days and I am really pulling my hair out trying to get this to work without having to add posixAccount to my user entries.  Please help!!  


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/



--
Todd Grayson
Customer Operations Engineering
