On May 8, 2010, at 10:28 AM, Craig White wrote: > On Sat, 2010-05-08 at 10:13 -0700, Craig White wrote: >> On Sat, 2010-05-08 at 09:43 -0700, aurfalien at gmail.com wrote: >>> On May 8, 2010, at 9:37 AM, Craig White wrote: >>> >>>>> I tried that a while back, together with webmin and that php >>>>> thing. >>>>> >>>>> I was kinda hoping to use webmin for everything; DNS, DHCP, LDAP >>>>> so >>>>> that a jr sys admin could manage our intranet based services. But >>>>> with LDAP, webmin doesn't seem to like adding users to groups and >>>>> errors out. >>>>> >>>>> So I just hand edit an ldif for now and ldapmodify. >>>>> >>>>> I'll revisit the webmin error regarding adding users to groups and >>>>> see >>>>> whats going on. >>>> ---- >>>> I use webmin's LDAP Users and Groups to administer both users and >>>> groups >>>> - it works fine if configured properly. >>> >>> >>> Perfect! >>> >>> You mind sharing some nuggets? >>> >>> First, my issue; >>> >>> Using webmin, I can add users and also add them to groups and >>> secondary group during initial creation of that user. >>> >>> However if I then try to add an already created user to a secondary >>> group, webmin fails with; >>> >>> Failed to save group : Failed to modify group in LDAP database : >>> modify/delete: description: no such attribute >>> >>> I can do this using ldapmodify with an ldif file, just not via >>> webmin. >>> >>> I can add, remove users via webmin, I just can't add them to >>> secondary >>> groups after I've created them. >>> >>> I can only add them to secondary groups during initial creation of >>> that user. >>> >>> Any help would be very very cool. >>> >>> Thanks in advance Craig. >> ---- >> I only recently discovered that myself - and I noticed that only >> occurred when the group is not a samba group (i.e. no >> sambaGroupMapping >> ou) but I almost suspect that it's because I am not using >> 'objectclass >> top' for these entries but I never really investigated further. The >> only >> differences between the ones that I can edit and the ones I can't >> edit >> are the objectclass 'sambaGroupMapping' and 'top' > ---- > No - I just checked and the same thing still exists even if I add the > 'top' objectclass to a 'non-samba' group but if it's a samba group, I > have no problem adding/removing members using webmin. It would seem to > be a problem with the webmin module. > > Just for kicks, I've been playing with it and it seems to be working > now > (now that I've turned logging on so I could report to Jamie). > > I did notice that it seems to help to put something (anything) in the > description field. Wow, thanks for the r&d Craig! sambaGroupMapping aye? I don't use samba and have my Windows clients auth against ldap via pGina which is an ldap client for Windows. However even if i don't use samba for client auth, is there a way to add it in my config just so I can mod group members?