Re: [Phpgroupware-users] ldap auth help/documents

[Izzy Blacklock]

On Monday 24 Mar 2003 4:58 pm, Lars Kneschke(priv.) wrote:
> Izzy Blacklock <address@hidden> schrieb:
> >Really!?  Perhaps this is where my problem lies.    I have to admit
> >I'm new to
> >LDAP servers myself and don't know either way, but this doesn't sound
> >right
> >to me.  This would make adding functionality to an existing ldap
> >server more
> >work then is should be.  I'm guessing I should do a slapcat to dump
> >the data
> >and a slapadd to restore it?  I'll give it a try.
>
> I don't think that's needed! I never did this. And i changed them schema
> files a lot. I would make no sense. The ldap server is verifying the schema
> only, when you write something to the tree.

This is more inline with what my thoughts were on it.  If anyone has any 
experiences which are contrary to this, I'd love to hear them.  

Marco:   If what Lars is saying is correct, I think you can stop dumping and 
restoring your ldap data every time you make changes to your schemas!  I 
appreciate your contribution anyway.  If nothing else it has prompted 
discussion that will help others unsure on the issue. 

> >The manual entries I made to my account look similar.  I am missing
> >the
> >phpgwAccountExpires, phpgwAccountLastLogin, and
> >phpgwAccountLastLoginFrom
> >elements.  Obviousely the last two wouldn't have valid data until
> >after a
> >login occurred, but do they need to exist before for phpgw to function
>
> Are you able to login? Try to set the expiry values from the user admin
> page and have a look at the settings again. How did you create your current
> users?

No, that is my problem.  I had problems getting the setup utility to modify my 
existing LDAP accounts for use with phpgw.  Not sure what the problem is, I 
just keep getting the setup screen back without any errors and no changes to 
my LDAP entries.  I tried to manually add the needed elements to see if the 
problems were isolated to the setup tool.  

My users were created originally with idealx.org's webmin module 
"idxldapaccounts".  It creates LDAP entries needed for samba and posix user 
accounts and groups.  Here's what one of my accounts look like:

# izzyb, Users, edm, net
dn: uid=izzyb,ou=Users,dc=edm,dc=net
homeDirectory: /home/izzyb
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaAccount
objectClass: phpgwAccount
pwdLastSet: 0
logonTime: 0
logoffTime: 2147483647
uid: izzyb
kickoffTime: 2147483647
scriptPath: izzyb.bat
pwdMustChange: 0
acctFlags: [UX]
smbHome: \\admin-SRV\homes
profilePath: \\admin-SRV\profiles\izzyb
pwdCanChange: 2147483647
homeDrive: H:
cn: Izzy
uidNumber: 1000
rid: 3000
description: Network Administrator
primaryGroupID: 2090
gidNumber: 545
ntPassword: secret ;)
lmPassword: secret ;)
sn: Blacklock
userPassword:: secret ;)
phpgwAccountType: u
phpgwAccountStatus: a

I haven't tried adding the missing phpgw elements yet.  I'm currently looking 
at installing and testing with the latest phpgw release to see if it makes a 
difference.  If you or anyone else can provide details of what is expected by 
phpgw, I'd appreciate it.  

Thanks.

...Izzy