Red Hat Bugzilla – Bug 113415
ldap schemas conflict
Last modified: 2007-11-30 17:10:35 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Description of problem:
account objectclass's attribute 'host' was used in previous versions
of RedHat to allow/deny user access to different hosts on network for
users stored in ldap backend.
The openldap schemas were changed in 2.1. Objectclass account is
STRUCTURAL. sambaSAMaccount objectclass is STRUCTURAL too.
So there cannot exist ldap users who can access unix shell
and samba service.
Leaving the host attribute empty and not using the account objectclass
results in not being able to select users' access to different hosts.
To resolve this issue, you need cooperation of PADL.COM and
openldap.org. Maybe changing account objectclass to structural
will be a solution.
This is a good example of how RedHat linux is ready for enterprise
Version-Release number of selected component (if applicable):
Steps to Reproduce:
We can fix it by using ldapns.schema.
So I did set #121843 as blocker.
Objectclass sambaSamAccount is AUXILIARY in samba-3.0.9's samba.schema
from Fedora Core 3, now.
Objectclass account from cosine.schema is not used anymore.
Closing this bug as DEFERRED.