[Freeipa-users] Radius schema addition to default user objectclasses in FreeIPA 4.1

Orkhan Gasimov orkhan-azeri at mail.ru
Wed Oct 29 06:16:01 UTC 2014


One last question: if I'm using 2 FreeIPA servers in a multi-master 
replication scenario, should I add the radiusschema.ldif file on both 
servers? Or is it sufficient to add it on just one server?


29-Oct-14 09:50, Orkhan Gasimov wrote:
> I solved the problem.
> I tried to add my radiusschema.ldif using LDAP admin, and it gave an 
> error: "Line 64: "dn" expected, but "add" found".
> So instructions here: 
> https://www.redhat.com/archives/freeipa-users/2014-February/msg00050.html 
> are incomplete.
> When creating an ldif-file from the schema-file, it's necessary to 
> repeat this part:
>
> dn: cn=schema
> changetype: modify
>
> before this part:
>
> add: objectclasses
>
> After that everything proceeds normally, and it's possible to add 
> "radiusprofile" objectclass to default user objectclasses.
>
> 28-Oct-14 15:43, Orkhan Gasimov wrote:
>> OK, thanks for info.
>> First I used that command with " | grep radius" at the end prior to 
>> adding my radiusschema.ldif.
>> It returned no data.
>> Then I added my radiusschema.ldif using the command:
>>
>> # ldapmodify -ZZ -x -D "cn=Directory Manager" -W -H ldap://localhost -f /usr/share/radiusschema.ldif
>>
>> Then I issued the command you suggested again with " | grep 
>> radius|less" at the end.
>> This time it returned a lot of entries (apparently those that were in 
>> the radiusschema.ldif file).
>>
>> But when I tried to switch to GUI and add "radiusprofile" 
>> objectclass, I got the same message:
>>
>> "IPA Error 4001: NotFound
>>
>> objectclass radiusprofile not found"
>>
>> I know that radius schema taken from 
>> http://open.rhx.it/phamm/schema/radius.schema works,
>> it was checked by me with OpenLDAP 2.4 and FreeRadius 2.2.
>>
>> What am I doing wrong? Removing "MUST cn" from the schema gives no 
>> difference.
>>
>>
>>
>> 25-Oct-14 00:38, Rich Megginson wrote:
>>> Are you trying to list the schema over LDAP?  Where did you get the 
>>> above instructions?  They are wrong.  Use
>>>
>>> ldapsearch -o ldif-wrap=no -Y GSSAPI -s base -b "cn=schema" attributeTypes objectClasses
>>
>
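The LDIF problem described in this thread, as an added example that is not part of the original messages: a blank line ends an LDIF change record, so a block that starts with "add: objectclasses" after a blank line is a new record with no dn. The sketch below finds such records before the file is handed to ldapmodify and applies the fix from the post by repeating the preceding dn/changetype header; the function names, the sample LDIF and its OIDs are constructed for illustration.

```python
# Constructed sample with placeholder OIDs, laid out as the post describes:
# the second block starts with "add:" after a blank line, with no dn before it.
SAMPLE = """\
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.1.2.1.1 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

add: objectclasses
objectclasses: ( 1.1.2.2.1 NAME 'exampleProfile' SUP top AUXILIARY MAY exampleAttr )
"""

def records(text):
    """Yield (first_line_no, lines) per record; a blank line ends a record."""
    start, buf = 0, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            if buf:
                yield start, buf
            buf = []
        elif not line.lower().startswith(("#", "version:")):  # skip comments/version
            if not buf:
                start = no
            buf.append(line)
    if buf:
        yield start, buf

def check(text):
    """Return [(line_no, message)] for every record that lacks a leading dn:."""
    problems = []
    for no, lines in records(text):
        if not lines[0].lower().startswith("dn:"):
            found = lines[0].split(":")[0]
            problems.append((no, f'"dn" expected, but "{found}" found'))
    return problems

def repair(text):
    """Prefix each headerless record with the dn/changetype of the record before it."""
    out, header = [], []
    for _, lines in records(text):
        if lines[0].lower().startswith("dn:"):
            header = [l for l in lines[:2] if l.lower().startswith(("dn:", "changetype:"))]
        else:
            lines = header + lines
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n"

if __name__ == "__main__":
    print(check(SAMPLE))    # the headerless record and its line number
    print(repair(SAMPLE))   # the same changes as two complete records
```

The repaired output drops comment lines and any version line, so review it against the source file before applying it.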



