Red Hat Bugzilla – Bug 99435
libuser LDAP backend is not functional
Last modified: 2005-10-31 17:00:50 EST
Description of problem:
Looking at the sources for the "libuser" library, I'm guessing the LDAP backend is
incomplete. I've been trying to use the "libuser" LDAP backend to manage my user
and group accounts that I've stored in my OpenLDAP server. What I found is that I
can't use "lgroupadd" to add a group using the LDAP backend.
Looking at the sources, the "lgroupadd" command-line tool invokes the
"lu_ldap_group_add" located in "modules/ldap.c". This function, in turn, will invoke
"lu_ldap_set" which is able to perform modifications, but not additions to the
The problem here is that invoking "lgroupadd" to add a new group "testgroup", will
map the group "testgroup" to an LDAP distinguished name of "cn=testgroup,
ou=groups, dc=example, dc=com" (for example). Note that we are trying to add a
new directory entry. However, the "lu_ldap_set" function will try to perform a
modification (LDAP_MOD) and since the entry doesn't exist in the directory, it will
The "libuser" LDAP module backend is thus incomplete, and unable to properly
manage additions, like adding groups and users to the directory.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install libuser-0.51.7
2. Modify "/etc/libuser.conf":
    modules = ldap
    create_modules = ldap
    server = your.server.name
    basedn = dc=example,dc=com
3. Invoke "lgroupadd testgroup". It will complain that the group can't be added.
This was expected, since the LDAP backend module is trying to perform a
modification on the group, which doesn't exist, as we are trying to add it.
libuser's LDAP backend is completely useless.
libuser's LDAP backend should be able to properly perform add operations on an
Will this get fixed? We've implemented a centralized OpenLDAP directory for user
authentication and we miss a tool that allows us to add users/groups to the directory.
We thought "libuser" was the solution, but it seems incomplete.
I have attached a patch file which enables 100% operational support to libuser's
LDAP module. With the original libuser, "luseradd" and "lgroupadd" command-line
tools would fail as the original LDAP module is incomplete.
This patch adds support to libuser's LDAP module to completely support "add",
"modify" and "delete" operations.
The attached patch is "libuser-LDAP-20030728.patch".
Created attachment 93195
fully functional LDAP backend module
Finally the 'libuser' is operational with LDAP.
On the other hand, when I enter a password, the error message is posted:
SystemError: error setting password in LDAP directory for
uid=testuser,ou=People,dc=example,dc=com: Undefined attribute type
It misses nothing any more but that to use it completely.
Thank you for this work.
Thanks a lot for the patch.
Even though the patch was not incorporated directly, the
fixes in libuser-0.51.11-1 implement the same ideas.
libuser-0.52.1 should have a good-working LDAP backend.