Bevan C. Bennett wrote: > Stephen Walton wrote: > > In this case [for LDAP users] (perhaps system > accounts neccessary for running a SAMBA PDC) you might want to use > 'account' rather than 'inetOrgPerson', since these aren't people and > don't need all the 'people-ish' extra attributes. I'll look into the implications of this. I was following those articles I keep talking about in Linux Journal, but I see the scripts in /usr/share/openldap/migration use 'account' instead of 'inetOrgPerson' so that's probably the way to go. >> since RH9 >> I've been seeing lines in /var/log/messages like: >> >> Jan 8 14:23:55 server automount[21351]: lookup(ldap): query succeeded, >> no matches for (&(objectclass=nisObject)(cn=/)) > > You'll get these if you have: > automount: files ldap > listed in your /etc/nsswitch.conf but don't have the automount info Actually that's not the cause. I'm using the older automount-style LDIFs for autofs, like: # auto.master, domain.com dn: ou=auto.master,dc=domain,dc=com objectClass: top objectClass: automountMap ou: auto.master # /home, auto.master, domain.com dn: cn=/home,ou=auto.master,dc=domain,dc=com objectClass: automount automountInformation: ldap:ldaphost.domain.com:ou=auto.home,dc=domain,dc=com cn: /home Hence the errors about nisObject lookups failing. It appears that the current autofs startup script for FC1 wants the newer nisObject form as in your e-mail rather than the one I'm using. This is, of course, also the one generated by the current migration scripts. Sigh, don't really want to rewrite my LDIF files but may have to. Steve -- Stephen Walton, Professor, Dept. of Physics & Astronomy, Cal State Northridge stephen.walton@xxxxxxxx
