How to add posixAccount and posixGroup attributes in ApacheDS?

5
votes

I am using Apache Directory Studio (version 2.0.0 on both OpenSUSE(12) and on Windows 7), trying to add the posixAccount attribute to users and the posixGroup attribute to groups. I have followed the suggestion from the following links:

http://bit.ly/1EISJWs

http://bit.ly/1EblT5R

to enable the NIS schema, by setting m-disabled to FALSE. However, following a restart of both the LDAP server and ApacheDS itself, I still cannot add posixAccount or posixGroup attributes to existing entries - they are not available in the list of attributes to add.

My current workaround is to used ldapadd via the command line, as follows:

ldapadd -h <LDAP_SERVER_IP_ADDRESS>:<LDAP_PORT> -x -D "uid=username,ou=users,o=organisationName" -w userPassword -f /path/to/ldap_config_update

where the file "ldap_config_update" contains something like:

dn: uid=dtrotter,ou=groups,o=organisationName
givenName: Derek
sn: Trotter
uidNumber: 1000
gigNubmer: 1025
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: dtrotter
cn: Del Boy
userPassword: plonker123!

It would be nice to know how to achieve this via the ApacheDS GUI.

2
apacheds

2 Answers

7
votes

I was struggling with this as well. Finally worked for me. Apparently there is a stale cache issue going on. In order to have posixGroup available, you have to:

  1. Enable the NIS schema as explained here

  2. Close the connection

  3. Reconnect

  4. When adding a new entry, make sure to hit the Refresh button beside the object class text field.

    enter image description here

  5. posixGroup and other NIS classes should finally become available

5
votes
  1. Open ldap client (Apache directory Studio in my case)
  2. navigate to cn=nis,ou=schema
  3. Change m-disabled propert from TRUE to FALSE
  4. Don't forget press refresh button when lookup posix class from list

enter image description here