[CentOS] ldap: adding user to multiple groups

Sat May 8 17:28:14 UTC 2010
Craig White <craigwhite at azapple.com>

On Sat, 2010-05-08 at 10:13 -0700, Craig White wrote:
> On Sat, 2010-05-08 at 09:43 -0700, aurfalien at gmail.com wrote:
> > On May 8, 2010, at 9:37 AM, Craig White wrote:
> > 
> > >> I tried that a while back, together with webmin and that php thing.
> > >>
> > >> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP so
> > >> that a jr sys admin could manage our intranet based services.  But
> > >> with LDAP, webmin doesn't seem to like adding users to groups and
> > >> errors out.
> > >>
> > >> So I just hand edit an ldif for now and ldapmodify.
> > >>
> > >> I'll revisit the webmin error regarding adding users to groups and  
> > >> see
> > >> whats going on.
> > > ----
> > > I use webmin's LDAP Users and Groups to administer both users and  
> > > groups
> > > - it works fine if configured properly.
> > 
> > 
> > Perfect!
> > 
> > You mind sharing some nuggets?
> > 
> > First, my issue;
> > 
> > Using webmin, I can add users and also add them to groups and  
> > secondary group during initial creation of that user.
> > 
> > However if I then try to add an already created user to a secondary  
> > group, webmin fails with;
> > 
> > Failed to save group : Failed to modify group in LDAP database :  
> > modify/delete: description: no such attribute
> > 
> > I can do this using ldapmodify with an ldif file, just not via webmin.
> > 
> > I can add, remove users via webmin, I just can't add them to secondary  
> > groups after I've created them.
> > 
> > I can only add them to secondary groups during initial creation of  
> > that user.
> > 
> > Any help would be very very cool.
> > 
> > Thanks in advance Craig.
> ----
> I only recently discovered that myself - and I noticed that only
> occurred when the group is not a samba group (i.e. no sambaGroupMapping
> ou) but I almost suspect that it's because I am not using 'objectclass
> top' for these entries but I never really investigated further. The only
> differences between the ones that I can edit and the ones I can't edit
> are the objectclass 'sambaGroupMapping' and 'top'
----
No - I just checked and the same thing still exists even if I add the
'top' objectclass to a 'non-samba' group but if it's a samba group, I
have no problem adding/removing members using webmin. It would seem to
be a problem with the webmin module.

Just for kicks, I've been playing with it and it seems to be working now
(now that I've turned logging on so I could report to Jamie).

I did notice that it seems to help to put something (anything) in the
description field.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.