On Wednesday, 14 April 2010 11:22:35 Adam Tauno Williams wrote:
> On Wed, 2010-04-14 at 14:28 +0530, Shamika Joshi wrote:
> > I'm using samba-openldap on Ubuntu 9.10 Server. I have created
> > following user:rick using smbldap-tools which use default
> > samba.schema.eg shown below.
> > Now I also want to use "Host based authentication" using pam_filter
> > where I need to mention host entry which has to be present in that
> > user record.
> > pam_filter |(host=cms2)(host=cms3)
> > However "host" attribute appears only if I add "objectclass:account".
> > If I go ahead to add that here for user:rick it gives me objectclass
> > violation. What could be the way out of it? Any inputs would be highly
> > appreciated
>
> You are violating the structural objectclass chain.
>
> > cn: rick
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: shadowAccount
> > objectClass: sambaSamAccount
>
> Your 'deepest' structural objectclass is an inetOrgPerson; a person is
> not an account. [Yea, that part is pretty dumb - account should be
> abstract.]

No, it should be auxiliary, which it is in ldapns.schema, shipped with
pam_ldap. The rest of this suggestion is a ridiculously complex solution to
the problem, considering the user has problems adding an existing schema
definition ...

Regards,
Buchan
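
The structural-chain rule discussed in this thread, as an added example that is not part of the original messages: a small checker run over the objectClass list posted for rick. The class kinds are transcribed from the stock schema files, and `hostObject` is assumed to be the name of the auxiliary class that ldapns.schema provides for the `host` attribute.

```python
# Object class kinds and superiors, transcribed from the stock schema files
# (core, cosine, inetorgperson, nis, samba).
# Assumption: hostObject is the auxiliary class defined in ldapns.schema.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "account": ("STRUCTURAL", "top"),
    "posixAccount": ("AUXILIARY", "top"),
    "shadowAccount": ("AUXILIARY", "top"),
    "sambaSamAccount": ("AUXILIARY", "top"),
    "hostObject": ("AUXILIARY", "top"),
}


def superiors(name):
    """Return name followed by its chain of superior classes up to top."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain


def check_structural_chain(object_classes):
    """Return (ok, message) for the single-structural-chain rule."""
    structural = [c for c in object_classes if SCHEMA[c][0] == "STRUCTURAL"]
    if not structural:
        return False, "no structural object class"
    # The deepest structural class is the one with the longest superior chain.
    deepest = max(structural, key=lambda c: len(superiors(c)))
    # Every other structural class must be a superior of the deepest one.
    stray = [c for c in structural if c not in superiors(deepest)]
    if stray:
        return False, f"{', '.join(stray)} not in chain of {deepest}"
    return True, f"structural object class: {deepest}"


# objectClass values of the entry posted in the thread (constructed list).
RICK = ["top", "person", "organizationalPerson", "inetOrgPerson",
        "posixAccount", "shadowAccount", "sambaSamAccount"]

if __name__ == "__main__":
    for label, extra in (("as posted", []), ("+ account", ["account"]),
                         ("+ hostObject", ["hostObject"])):
        print(label, check_structural_chain(RICK + extra))
```

Adding the structural `account` class fails because it is not a superior of `inetOrgPerson`, while an auxiliary class can be added to any entry without touching the chain.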
