[389-users] enabling posixGroup for a group (error : attribute "uidNumber" not allowed)

Nathan Kinder nkinder at redhat.com
Tue Jul 6 17:04:31 UTC 2010


On 07/06/2010 09:08 AM, Daniel Maher wrote:
> On 07/06/2010 05:31 PM, Nathan Kinder wrote:
>
>    
>>> http://directory.fedoraproject.org/wiki/Howto:DNA
>>>        
>    
>> The way you have DNA configured will cause it to try to add a
>> "uidNumber" attribute to a posixGroup entry.  You should change the
>> "dnaFilter" attribute for your "cn=UID numbers" DNA config entry to be
>> "(objectClass=posixAccount)".
>>      
>
> To clarify then, for the uids, instead of this :
>
> dnafilter: (|(objectclass=posixAccount)(objectclass=posixGroup))
>
> It should be this :
>
> dnafilter: (objectclass=posixAccount)
>
> ?
>    
Yes, that is correct.  The current setting you have causes DNA to add a 
"uidNumber" attribute to newly created "posixAccount" and "posixGroup" 
entries.  You only want DNA to add the "uidNumber" attribute to 
"posixAccount" entries.




More information about the 389-users mailing list