Re: [389-users] 389 as authentication server on Fedora 13 #389 @Skolan #ldap


 



Lars Gunther wrote:
> 2010-09-14 17:26, Rich Megginson skrev:
>
>> I still don't know what you mean by "add posixGroups using the admin
>> tool".  If by "admin tool" you mean the 389 GUI console, then right,
>> there is no explicit posix group tab in the Group editor window, but you
>> can use the Advanced... editor to add the posixGroup objectclass to the
>> list of objectclasses.
>
> Yep. That's what I meant. (389-console)
>
> When I click Advanced I see posixGroup stuff not when I click "Show 
> All Allowed Attributes", nor do I see it as an option when I click the 
> "Add Attribute" button.
>
> What do you mean when you say "Advanced editor"?
I mean the window you are using that has the "Show All Allowed 
Attributes" etc.

You should be able to left-click on the objectClass attribute to select 
it, then Add Value to select the posixGroup objectclass to add to the 
entry.  Once you do that, you should be able to Add Attribute to add the 
posixGroup attributes.
>
> Having searched for a while, I've found a way to add posixGroups:
> Right click -> New -> Other -> posixGroup
>
> They will however be identified in the tree by the gidnumber, not by 
> their cn...
Right.  If you want the group to be recognized both by the console and 
by the OS, you need to create it as a regular group first, then add 
posixGroup.
>
>>> And I still can't log in as the user I've added.
>>>
>> What error do you get?  It's always helpful when you have a problem to
>> specify
>> * the platform and 389-ds-base version
>
> Fedora 13
> 389 1.2.0
>
> Error message "User does not exist"
>
>> * the exact command you used - if by "log in" you mean system login,
>
> I've tried "su" both locally and from a client machine.
>
>> also please specify your /etc/ldap.conf settings
>
> [root@lb ~]# cat /etc/ldap.conf|grep -v "#"|sed '/^$/d'
> base dc=labbnet,dc=ne,dc=keryx,dc=se
> timelimit 120
> bind_timelimit 120
> idle_timelimit 3600
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm,polkituser,rtkit,pulse
>
> uri ldaps://127.0.0.1:1636/
> ssl no
> tls_cacertdir /etc/openldap/cacerts
> pam_password md5
>
> I've changed the port to 1636 since *nix requires the server to run as 
> root for ldaps on a port below 1024...
>
>> * the error message and error code you get from the command, if any
>> * check the directory server access log from around the time of your log
>> in attempt to see what the directory server logged
>
> /var/log/dirsrv/slapd-lb/errors is silent
>
> /var/log/dirsrv/slapd-lb/access (I've removed the timestamp)
>
>  conn=29 op=47 UNBIND
>  conn=29 op=47 fd=85 closed - U1
>  conn=26 op=77 MOD 
> dn="cn=ResourcePage,ou=1.1,ou=Console,ou=cn\5c=directory 
> manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
>  conn=26 op=77 RESULT err=0 tag=103 nentries=0 etime=1
>  conn=26 op=78 MOD 
> dn="cn=ResourcePage,ou=1.1,ou=Console,ou=cn\5c=directory 
> manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
>  conn=26 op=78 RESULT err=0 tag=103 nentries=0 etime=0
>  conn=26 op=79 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory 
> manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
>  conn=26 op=79 RESULT err=0 tag=103 nentries=0 etime=0
>  conn=26 op=80 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory 
> manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
>  conn=26 op=80 RESULT err=0 tag=103 nentries=0 etime=0
>  conn=26 op=82 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory 
> manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
>  conn=26 op=82 RESULT err=0 tag=103 nentries=0 etime=0
>  conn=26 op=83 MOD dn="cn=General,ou=1.1,ou=Console,ou=cn\5c=directory 
> manager,ou=UserPreferences, ou=labbnet.ne.keryx.se, o=NetscapeRoot"
>  conn=26 op=83 RESULT err=0 tag=103 nentries=0 etime=0
>  conn=28 op=-1 fd=84 closed - B1
>  conn=26 op=-1 fd=82 closed - B1
>  conn=27 op=-1 fd=83 closed - B1
This doesn't show any SRCH or BIND operations that would have been done 
by su.

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
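
The check made at the end of the message above (does the access log contain any BIND or SRCH from the login attempt?) can be scripted. This is an added example, not part of the original thread or of 389 code; the sample log lines are constructed, and the uid "testuser" and the function names are hypothetical.

```python
import re
from collections import Counter

# Optional "[timestamp] " prefix, then conn/op ids and an upper-case operation keyword.
# Connection-level lines ("conn=28 op=-1 fd=84 closed - B1") do not match and are skipped.
LINE_RE = re.compile(r'^(?:\[[^\]]*\]\s+)?conn=(\d+)\s+op=(-?\d+)\s+([A-Z]+)\b(.*)$')

def parse(lines):
    """Yield (conn, op, keyword, rest) for every operation line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), int(m.group(2)), m.group(3), m.group(4).strip()

def op_counts(lines):
    """Count requests by type (BIND, SRCH, MOD, ...), ignoring RESULT lines."""
    return Counter(kw for _, _, kw, _ in parse(lines) if kw != "RESULT")

def client_activity(lines):
    """True if the log shows any BIND or SRCH, i.e. a client tried to look something up."""
    counts = op_counts(lines)
    return counts["BIND"] > 0 or counts["SRCH"] > 0

def lookups_for(lines, uid):
    """Return (conn, detail) for SRCH requests whose filter names the given uid."""
    needle = "(uid=%s)" % uid.lower()
    return [(conn, rest) for conn, _, kw, rest in parse(lines)
            if kw == "SRCH" and needle in rest.lower()]

# Constructed sample: console-only traffic, shaped like the log quoted in the thread.
CONSOLE_ONLY = [
    'conn=29 op=47 UNBIND',
    'conn=29 op=47 fd=85 closed - U1',
    'conn=26 op=77 MOD dn="cn=ResourcePage,ou=1.1,ou=Console,o=NetscapeRoot"',
    'conn=26 op=77 RESULT err=0 tag=103 nentries=0 etime=1',
    'conn=26 op=78 MOD dn="cn=General,ou=1.1,ou=Console,o=NetscapeRoot"',
    'conn=26 op=78 RESULT err=0 tag=103 nentries=0 etime=0',
    'conn=28 op=-1 fd=84 closed - B1',
]

# Constructed sample: what an anonymous bind plus user lookup would add to the log.
WITH_LOOKUP = CONSOLE_ONLY + [
    '[14/Sep/2010:17:40:01 +0200] conn=30 op=0 BIND dn="" method=128 version=3',
    '[14/Sep/2010:17:40:01 +0200] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""',
    '[14/Sep/2010:17:40:01 +0200] conn=30 op=1 SRCH base="dc=labbnet,dc=ne,dc=keryx,dc=se" '
    'scope=2 filter="(&(objectClass=posixAccount)(uid=testuser))" attrs="uid uidNumber"',
    '[14/Sep/2010:17:40:01 +0200] conn=30 op=1 RESULT err=0 tag=101 nentries=0 etime=0',
]

if __name__ == "__main__":
    for name, log in (("console only", CONSOLE_ONLY), ("with lookup", WITH_LOOKUP)):
        print(name, dict(op_counts(log)), "client activity:", client_activity(log))
```

If client_activity() is false for the window around the login attempt, the lookup never reached the directory server, so the next place to look is the client side (the nss/pam configuration and /etc/ldap.conf) rather than the directory entries.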

