After extending the schema, two attribute mappings must be removed for proper operations. If they are not removed, neither uidNumber nor gidNumber will work as needed.

Attribute mappings are used to map LDAP attribute names to NDS attribute names as a compatibility feature of Novell NDS. Since NDS has been around for a longer time than the LDAP specification, a lot of software exists that use the NDS names of object classes and attributes.

In order for LDAP authentication to work, the mapping from uidNumber to UID as well as the one from gidNumber to GID must be removed.

To remove the mappings you right click on the LDAP group entry at root level of your tree and select Properties . Under the Attribute map tab is a list of attribute mappings. Depending on your version of eDirectory and your version of Console One, there are either direct mappings between gidNumber and GID, or a mapping between groupID and GID, with gidNumber as a secondary LDAP attribute. If there is a search function available, use that to locate the relevant mappings, and delete them.

One symptom of the fact that attribute mappings for gidNumber and uidNumber have not been removed is that when searching eDirectory for groups without specifying what attribute to fetch, the gidNumber shows up, but when explicitly specifying that gidNumber should be fetched, no data is returned.