Re: Command line created posix user shows posix disabled in console


 



John A. Sullivan III wrote:
I've created a bash script to add ds entries for new clients as we bring
them on board.  It automatically creates their user accounts which
include the posixaccount object class (as well as account (to allow the
host attribute) and posixgroup (to allow gidnumber for personal
groups)).

They appear to be created fine. Users can login, change passwords, etc.
However, when I view the user in the idm-console, the posix attributes
are present but the enable checkbox is unchecked and the attributes are
greyed out and uneditable.

If I click the enable check box, the fields are enabled but when I
attempt to save the change I get an error:
Cannot save to directory server:
netscape.ldap.LDAPException: error result(1): Operations error

Run the console like this:
fedora-idm-console -D 9 -f console.log
The log should contain much more detailed information.
You should also look at the directory server access log to see exactly what operation it is performing.

I would not doubt this is because it's trying to add a posixaccount
value to objectclass when one already exists.  In any event, if I enable
posix and change an attribute, I get the same error.  However, if I go
to the advanced page instead, and change a posix attribute there, the
change saves perfectly fine.

Any idea what is happening and what I've done wrong? In case more
information is needed, here are some of the gory details.

There are attribute uniqueness constraints.  uidnumber and gidnumber are
globally unique.  uid and cn are unique within an ou within an o -
fairly granular.  I did try disabling the global constraints but to no
avail.

By the way, those users with NT attributes show up fine with the NT User
enabled check box checked.

Here is a typical LDIF entry:

dn: uid=userx,ou=Users,ou=Internal,o=a0000-0002,dc=ssiservices,dc=biz
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: posixaccount
objectclass: account
objectclass: posixgroup
uid: userx
cn: userx
userpassword: ea4cb9eedc
uidnumber: 2001
gidnumber: 2001
homedirectory: /data/users/userx
loginshell: /bin/sh
givenname: John A.
sn: Sullivan III
mail: userx@xxxxxxxxxxxxxxx
telephonenumber: +1 (207) 999-9999

I can't imagine it is significant but, just in case, here is the LDIF creation from the script:
The input syntax is:
uid|givenname|sn|emailuser(no domain)|phone|location|W|"|" delimited attribute=value pairs

		UIDNUMBERS[$counter]=${CIDU}
		PWS=$(echo ${CIDU}${FIRST} | md5sum)
		PWS=${PWS:0:10}
		echo -e "${FIRST}  ${PWS}\n\n" >> ${CID}.temp
		TEMPS="dn: uid=${FIRST},${USUFFIX}\n${ADDPERSON}uid: ${FIRST}\ncn: ${FIRST}\nuserpassword: ${PWS}\nuidnumber: ${CIDU}\ngidnumber: ${CIDU}\nhomedirectory: /data/users/${FIRST}\nloginshell: /bin/sh\n"
		c=0
		for var in ${REST}
		do
			if [ -n "${var}" ]; then
				case ${c} in
				0)
					TEMPS="${TEMPS}givenname: ${var}\n";;
				1)
					TEMPS="${TEMPS}sn: ${var}\n";;
				2)
					TEMPS="${TEMPS}mail: ${var}${EDOMAIN}\n";;
				3)
					TEMPS="${TEMPS}telephonenumber: ${var}\n";;
				4)
					TEMPS="${TEMPS}physicaldeliveryofficename: ${var}\n";;
				5)
					TEMPS="${TEMPS}${ADDWIN}ntuserdomainid: ${FIRST}\nntusercreatenewaccount: true\nntuserdeleteaccount: true\n";;
				*)
					var=${var/=/: }
					TEMPS="${TEMPS}${var}\n";;
				esac
			fi
			((c = c + 1))
		done
		TEMPS="${TEMPS}\n"
		echo -e "${TEMPS}" >> "${LDIF}"
		((counter = counter + 1))
		((CIDU = CIDU + 1))

Here are some of the variable definitions:
BASE="dc=ssiservices,dc=biz"
NEWO="o=${CID},${BASE}"
SYSACCOUNTS="ou=SysAccounts,${NEWO}"
USUFFIX="ou=Users,ou=Internal,${NEWO}"
ADDS="changetype: add\n"
TOPS="${ADDS}objectclass: top\n"
ADDO="${TOPS}objectclass: organization\n"
ADDOU="${TOPS}objectclass: organizationalUnit\n"
ADDSYSPERSON="${TOPS}objectclass: person\nobjectclass: organizationalPerson\nobjectclass: inetOrgPerson\n"
ADDPERSON="${ADDSYSPERSON}objectclass: posixaccount\nobjectclass: account\nobjectclass: posixgroup\n"
ADDGROUP="${TOPS}objectclass: groupofuniquenames\nobjectclass: posixgroup\n"
ADDWIN="objectclass: ntuser\n"

What is going on? Thanks - John


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
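The access-log check suggested in the reply, as an added example that is not part of the original message: it pairs every RESULT line carrying a non-zero err= with the request logged under the same conn/op, so the operation the console sent when it got "Operations error" (err=1) can be read directly. The function names are hypothetical and the log lines are constructed in the usual Directory Server access-log layout.

```shell
#!/bin/sh
# Added example. Constructed sample lines, not taken from a real server.
sample_access_log() {
    cat <<'EOF'
[01/Jan/2000:10:15:01 -0500] conn=12 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[01/Jan/2000:10:15:01 -0500] conn=12 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[01/Jan/2000:10:15:01 -0500] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[01/Jan/2000:10:15:02 -0500] conn=12 op=1 MOD dn="uid=userx,ou=Users,ou=Internal,o=a0000-0002,dc=ssiservices,dc=biz"
[01/Jan/2000:10:15:02 -0500] conn=12 op=1 RESULT err=1 tag=103 nentries=0 etime=0
[01/Jan/2000:10:15:03 -0500] conn=9 op=4 RESULT err=32 tag=101 nentries=0 etime=0
EOF
}

# Print one line per failed operation: "conn=N op=N err=N <- request".
# Reads the files given as arguments, or stdin when there are none.
failed_ops() {
    awk '
    $3 ~ /^conn=/ && $4 ~ /^op=/ {
        key = $3 " " $4
        if ($5 == "RESULT") {
            split($6, e, "=")
            if (e[1] == "err" && e[2] + 0 != 0) {
                # The request may be missing if the log was rotated.
                r = (key in req) ? req[key] : "(request not in this log)"
                print key " " $6 " <- " r
            }
            delete req[key]
        } else {
            # Remember the request text (verb and arguments) for this conn/op.
            line = $5
            for (i = 6; i <= NF; i++) line = line " " $i
            req[key] = line
        }
    }' "$@"
}

sample_access_log | failed_ops
```

Against a live server, pass the instance's access log file as the argument to `failed_ops` instead of piping in the sample.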
