LDAP Users and Group

I'm attempting to configure Webmin and Virtualmin to store Users and Groups in LDAP. There's great legacy documentation at http://www.virtualmin.com/documentation/id,combining_virtualmin_and_ldap/. However, I'm running into difficulty.

I've set up Users and Groups in LDAP previously. In fact, that's how my current hosting system is set up. As a result, I'm quite familiar with LDAP and how to integrate it directly in each service (e.g. Apache, Postfix, Dovecot, etc).

Nonetheless, despite all my efforts I keep getting the following error:

Error
Failed to save user : Failed to add user to LDAP database : objectClass: value #4 invalid per syntax

Help please.

Status: Closed (fixed)

Comments

Sounds like one of the object classes you have set up for users is not valid.

If you go to Webmin -> System -> LDAP Users and Groups -> Module Config, what is in the "Other objectClasses to add to new users" field?

Submitted by wohlford on Sat, 05/08/2010 - 14:34 Pro Licensee

Thank you for replying. Pardon the slow response. My precious grandmother passed away this week.

First of all, "LDAP Users and Groups" is not showing up under System. I've done a Refresh Modules, but alas nothing happens. I have LDAP Client configured. It successfully browses the tree without problems. However, I can access the "LDAP Users and Groups" by doing a search. NSS and PAM are both configured.

Second, it doesn't seem to matter what is in the "Other objectClasses to add to new users." It can be blank, it can have all the objectClasses my other non-webmin LDAP system uses (i.e. top, person, posixAccount, shadowAccount, and inetOrgPerson), or any combination in between. I've also toggled on and off the "Give all Unix users the person object class" with no effect. The best I've accomplished is changing the error message from "objectClass: value #4" to "objectClass: value #2".

I wonder how I might view the objectClasses it's trying to push or, better yet, view the entire LDAP entry Webmin is trying to add?

Submitted by wohlford on Sat, 05/08/2010 - 16:32 Pro Licensee

It appears the problem was "Show fields for given name and surname" set to "Yes." Once I turned that off, everything started working without problems. I figured this out by reinstalling Webmin and comparing config files from my backups to reinstalled copies.

Additionally, I've been able to make "LDAP Users and Groups" display under System by setting ldap-useradmin to 1 in /etc/webmin/installed.cache.

I'm still not sure why it doesn't auto-detect, but I'm pleased with my fix.

Closing ticket.