Note that all of these fields are text. Do not, even for a moment, consider making UIDNumber and GIDNumber numeric: if you do, you are stuffed, because the UNK table (the per-database table in which Domino records each field's data type) ends up with the wrong data type.
UIDNumber - text! editable, default value something to create a unique number. I used "@Text(@Integer(1000+(@Random*1000)))", which only gives a random integer in the range 1000 to 1999, not a guaranteed-unique one, so check new person documents for duplicate uidNumber values before handing them to Linux.
GIDNumber - text! computed, formula "UIDNumber" (each user gets a primary group with the same number as the user).
home directory - editable, default value "/home/" + @LowerCase(shortname)
login shell - editable, default value "/bin/bash"
$objectclass - computed, allow multiple values, "posixAccount":"posixGroup"
add your subform to the existing subform $PersonExtensibleSchema
refresh a few person documents
go to your server console and type tell ldap reload schema.
you now have a nicely configured LDAP server.
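The UIDNumber default formula above draws a random integer in 1000..1999 and never checks for collisions, and the field is editable, so two Person documents can end up with the same uidNumber, or one can be hand-set into the range reserved for local system accounts. nss_ldap passes these numbers straight to the kernel, so two accounts with one UID are one user as far as file ownership and process credentials go. The script below is an added example, not part of the original article or of Domino: it reads passwd-format lines (for instance from "getent passwd" once nss_ldap is wired in) and reports duplicate and low UIDs, and it computes how likely a collision is for a given number of users drawn from that formula. The sample account lines are constructed for the example.

```shell
#!/bin/sh
# Added example: sanity checks for uidNumber values produced by the
# "@Text(@Integer(1000+(@Random*1000)))" default formula.
# Both check functions read passwd(5)-format lines on stdin.

# Constructed sample, as "getent passwd" would print it with nss_ldap in place.
# Two pairs of accounts share a UID and one account sits at UID 0.
SAMPLE_PASSWD='picard:x:1342:1342:Jean-Luc Picard:/home/picard:/bin/bash
riker:x:1507:1507:William Riker:/home/riker:/bin/bash
data:x:1342:1342:Data:/home/data:/bin/bash
q:x:0:0:Q:/home/q:/bin/bash
worf:x:1999:1999:Worf:/home/worf:/bin/bash
laforge:x:1507:1507:Geordi La Forge:/home/laforge:/bin/bash'

# dup_uids: print one line "UID user1,user2,..." per UID held by more than
# one account, lowest UID first.
dup_uids() {
    awk -F: '
        NF >= 3 && $3 ~ /^[0-9]+$/ {
            users[$3] = (users[$3] == "" ? $1 : users[$3] "," $1)
            count[$3]++
        }
        END { for (uid in count) if (count[uid] > 1) print uid, users[uid] }
    ' | sort -n
}

# below_uid [MIN]: print "user UID" for every account whose UID is below MIN
# (default 1000), i.e. inside the range local system accounts use; an LDAP
# entry with uidNumber 0 is root on every client that trusts the directory.
below_uid() {
    min=${1:-1000}
    awk -F: -v min="$min" '
        NF >= 3 && $3 ~ /^[0-9]+$/ && $3 + 0 < min + 0 { print $1, $3 }
    '
}

# collision_probability N: probability (to two decimals) that at least two of
# N users drawn uniformly from the formula's 1000 possible values share a
# number. This is the birthday problem with a range of 1000.
collision_probability() {
    awk -v n="$1" -v range=1000 'BEGIN {
        p = 1
        for (i = 0; i < n; i++) p *= (range - i) / range
        printf "%.2f\n", 1 - p
    }'
}

# Run the checks against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_PASSWD" | dup_uids
printf '%s\n' "$SAMPLE_PASSWD" | below_uid
collision_probability 38
```

Against a real server, pipe "getent passwd" (or the uid/uidNumber columns of an ldapsearch) into dup_uids and below_uid instead of the sample. With only 38 users the formula has a better than even chance of producing a duplicate, which is why the check is worth running every time the schema is reloaded.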
On the client side (that is, your Linux machine):
Open a couple of root shells and leave them open: you can lock yourself out during this process.
Edit /etc/ldap.conf so that only the following lines are uncommented (keyword and value are separated by whitespace, not an equals sign):
host www.yourserver.com
binddn cn=Jean-Luc Picard,o=Enterprise
bindpw makeitso
rootbinddn cn=Jean-Luc Picard,o=Enterprise
pam_password clear
ssl no
Replace the user (cn=Jean-Luc Picard,o=Enterprise) and password (makeitso) with an account that can read your NAB but not much else. Be aware that with ssl no the bind password and every user's login password cross the network in clear text, which is only acceptable on a lab network you trust.
echo makeitso>/etc/ldap.secret
This file holds the rootbinddn password in the clear and is read by nss_ldap when it runs as root, so make sure it is owned by root and readable by root only (mode 600).
Run authconfig, or edit /etc/pam.d/system-auth by hand; mine looks like this:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so

Note the nullok on the pam_unix auth line: it lets local accounts with an empty password log in, so drop it unless you actually need it. The use_first_pass on the pam_ldap line hands the password the user already typed to the LDAP bind instead of prompting a second time.

Woops, I locked myself out

Oh dear. You seem to be in a certain amount of bother: you can't log in as yourself, you can't log in as root, and you don't have any root sessions open. A quite unfortunate state of affairs, but don't worry, there is a way out (although your uptime will suffer!). Kick off any users on the system (but there won't be any, because you aren't doing this on a production machine, are you??), then shut it down with ctrl+alt+del or from the X login screen. Now bring the system up in single user mode: from LILO type Linux 1, from Grub ... Hopefully you are now at a # prompt, and you are root. Edit /etc/nsswitch.conf and remove ldap from pretty much every line it appears on. Restart your system and you should be able to log in. Now open several root sessions, leave them open this time, and resume the process.
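The lockout described above is usually caused by one of three things: a keyword in /etc/ldap.conf that nss_ldap does not parse (it splits keyword and value on whitespace, so a line written as bindpw=makeitso does not set bindpw), an /etc/ldap.secret that root cannot read, or an nsswitch.conf that hands lookups to ldap before the LDAP side works. The script below is an added example, not part of the original article: it checks the first two before you touch nsswitch.conf, and turns the single-user-mode recovery step (drop ldap from every nsswitch.conf line) into a function you can run from a rescue shell. The default paths are the ones the article uses; each function takes an optional file argument so the checks can be exercised on copies, and the function names are mine.

```shell
#!/bin/sh
# Added example: pre-flight checks for the client-side setup and a scripted
# version of the nsswitch.conf recovery step. Not the article's own code.

# active_lines FILE: the lines nss_ldap/pam_ldap will actually read
# (leading whitespace, comment lines and blank lines stripped).
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# check_ldap_conf [FILE]: every keyword the setup relies on must be present as
# "keyword value". A line like "bindpw=makeitso" fails this check because the
# whole token is taken as the keyword. Returns 1 if anything is missing.
check_ldap_conf() {
    f=${1:-/etc/ldap.conf}
    rc=0
    for key in host binddn bindpw rootbinddn; do
        if ! active_lines "$f" | grep -q "^$key[[:space:]]"; then
            echo "$f: missing or malformed keyword: $key" >&2
            rc=1
        fi
    done
    if active_lines "$f" | grep -q '^ssl[[:space:]]*no'; then
        echo "$f: ssl no - bind and login passwords cross the wire in clear text" >&2
    fi
    return $rc
}

# check_secret [FILE]: /etc/ldap.secret holds the rootbinddn password in the
# clear; it must exist and be readable by its owner only. Returns 1 otherwise.
check_secret() {
    f=${1:-/etc/ldap.secret}
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    case "$mode" in
        -r??------) return 0 ;;
        *) echo "$f is $mode, expected -rw------- (chmod 600)" >&2; return 1 ;;
    esac
}

# nsswitch_drop_ldap [FILE]: the recovery step from the article without the
# editor. Removes the "ldap" source from every line, keeps a .pre-ldap backup
# and rewrites the file in place. Run as root (or from single user mode).
nsswitch_drop_ldap() {
    f=${1:-/etc/nsswitch.conf}
    cp "$f" "$f.pre-ldap" || return 1
    awk '{
        out = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "ldap") continue
            out = (out == "" ? $i : out " " $i)
        }
        print out
    }' "$f.pre-ldap" > "$f"
}

# Usage: "sh thisscript --check" before enabling ldap in nsswitch.conf,
# "sh thisscript --recover" from the rescue shell to undo it.
case "${1:-}" in
    --check)   check_ldap_conf && check_secret && echo "ldap client config looks sane" ;;
    --recover) nsswitch_drop_ldap && echo "ldap removed from /etc/nsswitch.conf" ;;
esac
```

Run the --check form from one of the root shells you left open, fix whatever it reports, and only then put ldap into nsswitch.conf; if you still end up locked out, the --recover form is the same edit the article describes, done from single user mode.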