[389-users] Enable posix attributes via LDAP

Rich Megginson rmeggins at redhat.com
Fri May 17 18:06:12 UTC 2013 

On 05/17/2013 12:05 PM, Jonathan Vaughn wrote:
> Yeah, it works fine. No restarts needed. TL;DR: the interface library 
> I was writing is set up to prevent you from assigning multiple values 
> to attributes that are SINGLE-VALUE - and I forgot that even if you 
> only get 1 value from ldap with PHP's functions its still an array 
> ('count' => 1, 0 => [value]) and so I was silently throwing them away 
> (hadn't gotten around to putting in actual errors for these yet). :D 
> Totally my fault.

Ok.  Thanks for the info.

>
> On Fri, May 17, 2013 at 11:49 AM, Rich Megginson <rmeggins at redhat.com 
> <mailto:rmeggins at redhat.com>> wrote:
>
>     On 05/17/2013 10:40 AM, Jonathan Vaughn wrote:
>>     Oops. It looks like the results are coming back they're just
>>     getting partially eaten somewhere in our code.
>>
>>     Still, weird that the GUI shows it all grayed out - that's what
>>     led me to believe something wasn't set right on the LDAP entry. I
>>     googled for a solution and found some ancient post where someone
>>     thought you had to restart 389ds server for it to notice the
>>     change (which seemed silly to me ... ),
>     Should not require a restart.
>
>>     hence why I came here thinking surely it can't be that... there
>>     must be a way! :D
>>
>>     On Thu, May 16, 2013 at 9:36 PM, Rich Megginson
>>     <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>>         On 05/16/2013 06:06 PM, Jonathan Vaughn wrote:
>>>         We're trying to create accounts (with the posixaccount
>>>         objectclass and so forth) via LDAP, and while we can add the
>>>         objectclasses and set the attributes without error, the
>>>         attributes for posixaccount don't show up on subsequent LDAP
>>>         queries. Looking at the entry via the 389 Console I see that
>>>         the values were set correctly but the checkbox for 'Enable
>>>         Posix User Attributes' is unechecked - I had thought
>>>         checking this merely added the relevant objectclass but
>>>         apparently there's some other special magic occuring.
>>>
>>>         How can we "enable" these attributes (so that we can than
>>>         retrieve them via LDAP later) via LDAP ? Manually going in
>>>         via the console and "enabling" them via the checkbox for
>>>         every new account is not a "solution".
>>
>>         Create a user in the console which you have done the 'Enable
>>         Posix User Attributes' - do an ldapsearch to see what that
>>         LDIF looks like - compare that with your script or LDIF that
>>         you are using to automate.
>>>
>>>
>>>         --
>>>         389 users mailing list
>>>         389-users at lists.fedoraproject.org  <mailto:389-users at lists.fedoraproject.org>
>>>         https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130517/642c9b61/attachment.html>

More information about the 389-users mailing list