[CentOS] ldif invalid per syntax

Scott Robbins scottro at nyc.rr.com
Thu Oct 7 21:05:02 UTC 2010


On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
> Hello CentOS
> 
> I am having a bit of trouble importing an ldif into openldap, though the
> syntax looks a-ok to me. I am attempting to import my sudoers list
> into my ldap configuration and I used an application called sudoers2ldif
> to generate the ldif.
> 
>  I used the following command to import the file:
> 
> =============================================
> 
>  [root at bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D
> "cn=Manager,dc=summitnjhome,dc=com" -f
> /home/bluethundr/txt/sudoers2.ldif
> Enter LDAP Password:
> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
> ldap_add: Invalid syntax (21)
>        additional info: objectClass: value #1 invalid per syntax

It indicates that the second line (it counts from 0, so #1 should be the
second line) has something wrong.  I would think you'd have to put the
objectclass of sudoRole in a schema--a quick look at your email doesn't
show it there--forgive me if I missed it.  

Errm, that is, second line of your objectclass.  It makes sense. 

Taking just the object class listing.



> objectClass: top
> objectClass: sudoRole

We see that value #1 is sudoRole.  I don't see it defined in your
schema, forgive me if I missed it.   If I'm correct though, and it's not
in your schema, that's your problem. 

(Not sure if I should snip the rest of this or not, so will be
conservative and not snip--for anyone following the thread, this
sentence ends what I have to say about it.  :)  



> 
> 
> =============================================
> 
>  And this is the file I am trying to import sudoers2.ldif:
> 
>  ============================================
> 
> 
> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: defaults
> description: Default sudoOption's go here
> 
> dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: root
> sudoUser: root
> sudoHost: ALL
> sudoRunAsUser: ALL
> sudoCommand: ALL
> 
> dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: %wheel
> sudoUser: %wheel
> sudoHost: ALL
> sudoRunAsUser: ALL
> sudoCommand: ALL
> sudoOption: !authenticate
> 
> dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: %summitnjops
> sudoUser: %summitnjops
> sudoHost: ALL
> sudoRunAsUser: ALL
> sudoCommand: ALL
> sudoOption: !authenticate
> 
> 
> ======================================================
> 
> my ldap schema looks like so:
> 
> ======================================================
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=summitnjhome,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # summitnjhome.com
> dn: dc=summitnjhome,dc=com
> dc: summitnjhome
> objectClass: dcObject
> objectClass: organization
> o: Summit NJ Home
> 
> # staff, summitnjhome.com
> dn: ou=staff,dc=summitnjhome,dc=com
> ou: staff
> objectClass: organizationalUnit
> 
> # summitnjops, staff, summitnjhome.com
> dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
> ou: summitnjops
> objectClass: organizationalUnit
> 
> # people, summitnjhome.com
> dn: ou=people,dc=summitnjhome,dc=com
> ou: customers
> ou: people
> objectClass: organizationalUnit
> 
> # Services, summitnjhome.com
> dn: ou=Services,dc=summitnjhome,dc=com
> ou: services
> objectClass: organizationalUnit
> 
> # pam_ldap, Services, summitnjhome.com
> dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
> cn: pam_ldap
> objectClass: top
> objectClass: inetOrgPerson
> sn: PAM
> userPassword:: secretPass
> 
> # sudoers, Services, summitnjhome.com
> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> ou: sudoers
> objectClass: organizationalUnit
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 8
> # numEntries: 7
> 
> 
> ==============================================================
> 
>  could someone please suggest how to get around this error?
> 
> thanks!
> 
> Tim

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
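
Added example, not part of the original thread and not code from either poster: a pre-import check that lists each objectClass value in an LDIF file that is missing from a set of known object classes, with the zero-based index that ldapadd reports as "value #N". The sample entries are constructed from the text quoted above, and KNOWN_CLASSES is an assumption limited to the classes visible in the quoted search output.

```python
# Constructed sample: two entries copied from the LDIF and search output quoted above.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults

dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
ou: sudoers
objectClass: organizationalUnit
"""

# Assumption: the server has loaded only the object classes that appear in the
# search output quoted above; a real check would use the server's own list.
KNOWN_CLASSES = {"top", "dcObject", "organization", "organizationalUnit", "inetOrgPerson"}

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])]; skips comments, joins folded lines."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and current:   # folded line continues previous value
            attr, val = current[-1]
            current[-1] = (attr, val + raw[1:])
        elif not raw.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
            current = []
        else:
            attr, _, val = raw.partition(":")
            # "::" (base64) and ":<" (URL) values are kept undecoded
            current.append((attr.strip(), val.lstrip(":").strip()))
    return [(e[0][1], e) for e in entries if e[0][0].lower() == "dn"]

def unknown_object_classes(text, known=KNOWN_CLASSES):
    """Return [(dn, index, name)] for objectClass values missing from `known`.
    index counts from 0 within each entry, as the reply above reads 'value #1'."""
    known_lc = {k.lower() for k in known}     # object class names are case-insensitive
    findings = []
    for dn, attrs in parse_ldif(text):
        classes = [v for a, v in attrs if a.lower() == "objectclass"]
        findings += [(dn, i, c) for i, c in enumerate(classes) if c.lower() not in known_lc]
    return findings

if __name__ == "__main__":
    for dn, i, name in unknown_object_classes(SAMPLE_LDIF):
        print(f'{dn}: objectClass value #{i} "{name}" is not in the known set')
```

Once sudoRole is added to the known set, the same call returns an empty list for this sample.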