[Fedora-directory-users] Re: Problem adding user
Craig White
craigwhite at azapple.com
Mon Mar 27 17:34:13 UTC 2006
On Mon, 2006-03-27 at 09:08 -0800, Mont Rothstein wrote:
> Thank you for your reply.
>
> I grabbed the migration scripts from http://www.padl.com/download/
> because I wanted to avoid installing openldap when all I needed was
> the scripts.
>
> Looking at the source the kerberosSecurityObject is inserted as long
> as there is a default realm, though the extended schema does cause a
> problem with mail related values (see below).
>
> It sounds like what I was missing is the fact that editing the
> migration scripts is expected. I was under the impression that if my
> migration didn't work it was a mistake I had made.
>
> After commenting out the following items in the password_migration
> script my admin user finally added:
>
> * mailRoutingAddress
> * mailHost
> * inetLocalMailRecipient
> * kerberosSecurityObject
> * krbName
>
> Is not having these in my schema common/normal?
----
I don't know what is common - I think the issue is that it is your DSA
and you should be able to configure the desired attributes and eliminate
the attributes that aren't desired - I think that is the point of the
migration scripts in general.
Thus you should be able to take a flat file such as /etc/passwd, using
the padl migration scripts output it into whatever form you desire for
your directory.
Craig
----
>
> Thanks,
> -Mont
>
> On 3/24/06, Craig White <craigwhite at azapple.com> wrote:
> On Fri, 2006-03-24 at 10:26 -0800, Mont Rothstein wrote:
> > A suggestion was made that I should add the contents of my
> > sambaAdmin.ldif file to this post. They are below.
> >
> > The kerberosSecurityObject isn't in my schema, so thus the
> error. But
> > why did migrate_password.pl put that in my ldif? Is there a
> config
> > option somewhere that should be switched to disable Kerberos
> or do I
> > just need to manually edit the ldif and delete the offending
> line?
> >
> > Thanks,
> > -Mont
> >
> >
> > dn:
> uid=Administrator,ou=People,dc=forayadams,dc=foray,dc=com
> > uid: Administrator
> > cn: Samba Admin
> > givenName: Samba
> > sn: Admin
> > mail: Administrator at forayadams.foray.com
> > mailRoutingAddress: Administrator at mail.forayadams.foray.com
> > mailHost: mail.forayadams.foray.com
> > objectClass: inetLocalMailRecipient
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: kerberosSecurityObject
> > userPassword: {crypt}x
> > krbName: Administrator at FORAYADAMS.FORAY.COM
> > loginShell: /bin/bash
> > uidNumber: 0
> > gidNumber: 0
> > homeDirectory: /root
> > gecos: Samba Admin
> ----
> the option of course is yours.
>
> If you read through the source within the padl migration
> scripts (I'm
> assuming that you used the ones installed by openldap-server
> package
> from the distribution, you will probably notice how and why it
> is put
> there...presumably because you have chosen to use an extended
> schema.
>
> I think the object is to test, tune, test, tune until you get
> what you
> want from the migration scripts.
>
> I suspect the reasons no one else answered this question was
> that the
> source isn't part of FDS, the DSA setup will be as you design
> it to be
> and the source is lightweight and should be simple enough to
> comprehend
> and adjust as needed.
>
> Craig
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
More information about the Fedora-directory-users
mailing list