Can't create new virtual hosts anymore

#1 Tue, 08/14/2007 - 20:11
nomad


Hi everybody,

I need some help in finding where I made a mistake in my settings. First of all, some specs about the system I'm talking about.

My system runs Gentoo with Webmin 1.350 and Virtualmin 3.44gpl (now because of testing 3.41gpl). I have set up Virtualmin for using Qmail+LDAP although Postfix+LDAP is running actually. It works very well. I can add or remove new mailbox accounts, change passwords and set up aliases. The system has never failed in the last days and months.

But something went wrong. On my test system which was set up the same (but Webmin 1.337 and Virtualmin 3.38) I can still set new virtual hosts but on this production system I can't (anymore). But I can't find the wrong setting.

What happens when creating a new virtual host setup? Just for example, I tried to set up a new virtual host for the domain example.tld. Virtualmin started setting up the required LDAP group example.tld and the domain user example.tld without any errors (indicated by the message "....done!").

In the next step it fails with the error message "Failed to create virtual server : object class 'inetOrgPerson' requires attribute 'sn'". But why? The administrative user example.tld was set up the right way - the required attribute sn was set.

I double-checked the settings in Virtualmin and in the LDAP user and group module. The mostly given advice in this case to set "LDAP properties for all new users" to "sn: ${REAL}" in module LDAP user and group is given.

Any ideas what goes wrong? What will be done in the next step after creating the administrative user?

Thanks for any help!

Regards, Stephan Haller

Wed, 08/15/2007 - 03:06
Joe

Hi Stephan,
Could you post the full output from Virtualmin up to and including the error message? That will show me where in the code it may be failing..


Wed, 08/15/2007 - 21:46 (Reply to #2)
Joe

I *think* that this error is happening when creating the email alias that points to the new unix user. On the Module Config page, what do you have in the 'Additional object classes for LDAP aliases' field? inetOrgPerson probably shouldn't be there..


Thu, 08/16/2007 - 02:01 (Reply to #3)
Joe

You should try setting this field to some structural object class that your LDAP server allows to be used for aliases. Virtualmin always adds 'qmailAlias' to the list of object classes for an alias object, but in your case that may not work if you aren't using Qmail+LDAP .. so you'd need to find a new class like perhaps 'top'.


Wed, 08/15/2007 - 09:57
nomad

That's the output when creating a new virtual host et-crazy.de

--

Creating home directory ..
.. done

Creating administration group et-crazy.de ..
.. done

Creating administration user et-crazy.de ..
.. done

Failed to create virtual server : object class 'inetOrgPerson' requires attribute 'sn'

Wed, 08/15/2007 - 22:01
nomad

I have inetOrgPerson in this field. I tried to remove it, to keep it empty but then the following error message will be displayed when trying to create the virtual host: "Failed to create virtual server : no structural object class provided". But this isn't surprising me.

But on my testing system (Webmin 1.337 + Virtualmin 3.38) the field 'Additional object classes for LDAP aliases' is also set to "inetOrgPerson" and it works. That's surprising :(

Thu, 08/16/2007 - 11:33
nomad

"top" can't be used because it's an abstract object class every structural object class is derived from. I checked all possible classes I can use and "inetOrgPerson" is the most suitable one I think.

But your hint that the email alias is created at this time helped me. I found the block of code in feature-mail.pl where I had to insert two additional lines and now it works. It's ugly to hard-code two additional LDAP attributes into the perl script and it's not update-safe.

Where can I send a feature request to? It would be nice if you could pre-define LDAP attributes for LDAP aliases like it is already possible for LDAP users (Field "Additional attributes for LDAP users") .... something like "Additional attributes for LDAP aliases" ;)

Many thanks
Stephan Haller
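
Both server errors quoted in this thread come from LDAP schema checking of the entry's object classes. The following Python check is an added example, not code from Virtualmin or from any poster: it tests a candidate alias entry against the standard class definitions (RFC 4519 and RFC 2798) before the entry is sent to the server. The function names, the reduced schema table and the sample entries are assumptions constructed for illustration.

```python
# Reduced schema model (assumption: only the standard classes named in the thread).
# 'top' is ABSTRACT; 'person' is STRUCTURAL and MUST carry sn and cn;
# 'organizationalPerson' and 'inetOrgPerson' are STRUCTURAL and inherit those.
SCHEMA = {
    "top": {"kind": "abstract", "sup": None, "must": {"objectClass"}},
    "person": {"kind": "structural", "sup": "top", "must": {"sn", "cn"}},
    "organizationalPerson": {"kind": "structural", "sup": "person", "must": set()},
    "inetOrgPerson": {"kind": "structural", "sup": "organizationalPerson", "must": set()},
}


def required_attrs(object_class):
    """Collect MUST attributes of a class and of every superior class."""
    needed = set()
    while object_class is not None:
        definition = SCHEMA[object_class]
        needed |= definition["must"]
        object_class = definition["sup"]
    return needed


def check_entry(entry):
    """Return schema problems for an entry given as {attribute: [values]}."""
    classes = entry.get("objectClass", [])
    known = [c for c in classes if c in SCHEMA]
    problems = [f"object class '{c}' is not in this model" for c in classes if c not in SCHEMA]
    # An entry needs at least one structural class; abstract ones such as 'top' do not count.
    if not any(SCHEMA[c]["kind"] == "structural" for c in known):
        problems.append("no structural object class provided")
    present = {name.lower() for name in entry}  # attribute names are case-insensitive
    for c in known:
        for attr in sorted(required_attrs(c)):
            if attr.lower() not in present:
                problems.append(f"object class '{c}' requires attribute '{attr}'")
    return problems


if __name__ == "__main__":
    # Constructed sample entries; values are placeholders, not taken from the thread.
    samples = {
        "alias with inetOrgPerson only": {"objectClass": ["inetOrgPerson"], "mail": ["info@example.tld"]},
        "alias with top only": {"objectClass": ["top"], "mail": ["info@example.tld"]},
        "alias with sn and cn set": {"objectClass": ["inetOrgPerson"], "mail": ["info@example.tld"],
                                     "sn": ["info"], "cn": ["info"]},
    }
    for label, entry in samples.items():
        print(label, "->", check_entry(entry) or "OK")
```

A real server normally stops at the first violation, so it reports one missing attribute at a time, while this check lists all of them.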
