[CentOS] ldif invalid per syntax

Tim Dunphy bluethundr at gmail.com
Fri Oct 8 01:31:15 UTC 2010


Well, if I'm not mistaken, copying this file to my schema directory
and referencing it in my slapd.conf file should have taken care of
this objectClass:


cp /usr/local/share/doc/sudo/schema.OpenLDAP /usr/local/etc/openldap/schema/openldap.schema


And, as mentioned, I made sure to include this in my slapd.conf file:


# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/openldap.schema


The _last_ thing I added to my ldap database was this entry (using ldapvi):


# sudoers, Services, summitnjhome.com
dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
ou: sudoers
objectClass: organizationalUnit


I then set the appropriate environment variable (I'm partial to C
Shell these days):


setenv SUDOERS_BASE ou=sudoers,ou=Services,dc=summitnjhome,dc=com


And exported my sudoers list to an ldif file using this command:


/usr/local/share/doc/sudo/sudoers2ldif /usr/local/etc/sudoers > /home/bluethundr/txt/ldif/sudoers.ldif


And that is when I run into the error that I described earlier:


LBSD2# ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/ldif/sudoers.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
ldap_add: Invalid syntax (21)
	additional info: objectClass: value #1 invalid per syntax



For refresher, this is the entry it's having trouble with:


dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here


As far as I can gather, sudoRole (which is where the problem appears
to lie) was supposed to have been added along with the openldap.schema
that I've included in my slapd.conf file.

Thanks for the help so far...


On Thu, Oct 7, 2010 at 5:05 PM, Scott Robbins <scottro at nyc.rr.com> wrote:
> On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
>> Hello CentOS
>>
>> I am having a bit of trouble importing an ldif into openldap, tho the
>> syntax looks a-ok to me. I am attempting to import my sudoers list
>> into my ldap configuration and I used an application called sudoers2ldif
>> to generate the ldif.
>>
>>  I used the following command to import the file:
>>
>> =============================================
>>
>>  [root at bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D
>> "cn=Manager,dc=summitnjhome,dc=com" -f
>> /home/bluethundr/txt/sudoers2.ldif
>> Enter LDAP Password:
>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>> ldap_add: Invalid syntax (21)
>>        additional info: objectClass: value #1 invalid per syntax
>
> It indicates that the second line (it counts from 0, so #1 should be the
> second line) has something wrong.  I would think you'd have to put the
> objectclass of sudoRole in a schema--a quick look at your email doesn't
> show it there--forgive me if I missed it.
>
> Errm, that is, second line of your objectclass.  It makes sense.
>
> Taking just the object class listing.
>
>
>
>> objectClass: top
>> objectClass: sudoRole
>
> We see that value #1 is sudoRole.  I don't see it defined in your
> schema, forgive me if I missed it.   If I'm correct though, and it's not
> in your schema, that's your problem.
>
> (Not sure if I should snip the rest of this or not, so will be
> conservative and not snip--for anyone following the thread, this
> sentence ends what I have to say about it.  :)
>
>
>
>>
>>
>> =============================================
>>
>>  And this is the file I am trying to import sudoers2.ldif:
>>
>>  ============================================
>>
>>
>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: defaults
>> description: Default sudoOption's go here
>>
>> dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: root
>> sudoUser: root
>> sudoHost: ALL
>> sudoRunAsUser: ALL
>> sudoCommand: ALL
>>
>> dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: %wheel
>> sudoUser: %wheel
>> sudoHost: ALL
>> sudoRunAsUser: ALL
>> sudoCommand: ALL
>> sudoOption: !authenticate
>>
>> dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: %summitnjops
>> sudoUser: %summitnjops
>> sudoHost: ALL
>> sudoRunAsUser: ALL
>> sudoCommand: ALL
>> sudoOption: !authenticate
>>
>>
>> ======================================================
>>
>> my ldap schema looks like so:
>>
>> ======================================================
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=summitnjhome,dc=com> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # summitnjhome.com
>> dn: dc=summitnjhome,dc=com
>> dc: summitnjhome
>> objectClass: dcObject
>> objectClass: organization
>> o: Summit NJ Home
>>
>> # staff, summitnjhome.com
>> dn: ou=staff,dc=summitnjhome,dc=com
>> ou: staff
>> objectClass: organizationalUnit
>>
>> # summitnjops, staff, summitnjhome.com
>> dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
>> ou: summitnjops
>> objectClass: organizationalUnit
>>
>> # people, summitnjhome.com
>> dn: ou=people,dc=summitnjhome,dc=com
>> ou: customers
>> ou: people
>> objectClass: organizationalUnit
>>
>> # Services, summitnjhome.com
>> dn: ou=Services,dc=summitnjhome,dc=com
>> ou: services
>> objectClass: organizationalUnit
>>
>> # pam_ldap, Services, summitnjhome.com
>> dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
>> cn: pam_ldap
>> objectClass: top
>> objectClass: inetOrgPerson
>> sn: PAM
>> userPassword:: secretPass
>>
>> # sudoers, Services, summitnjhome.com
>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> ou: sudoers
>> objectClass: organizationalUnit
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 8
>> # numEntries: 7
>>
>>
>> ==============================================================
>>
>>  could someone please suggest how to get around this error?
>>
>> thanks!
>>
>> Tim
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
> --
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
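The error in this thread is slapd rejecting an objectClass value (sudoRole) that is not in any schema it has loaded. The following pre-flight check is an added example and not code from the thread, from sudo, or from OpenLDAP: it reads the include lines of a slapd.conf, collects every objectclass NAME from the named schema files, and reports each objectClass value in an LDIF that would fail the same way, using the same zero-based "value #N" numbering ldapadd prints. The slapd.conf fragment, the abbreviated schema files (with placeholder OIDs for the sudo attributes) and the file-path-to-content mapping are constructed so the script runs offline; the LDIF entries are the ones from the thread.

```python
"""Check an LDIF's objectClass values against the schema files a slapd.conf includes.
Added example; paths, schema excerpts and the path->content mapping are constructed."""
import base64
import re

# Constructed slapd.conf fragment mirroring the include lines in the thread.
SLAPD_CONF = """\
# See slapd.conf(5) for details on configuration options.
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/openldap.schema
"""

# Constructed, abbreviated schema files keyed by path (stand-ins for reading the
# real files from disk).  The sudo OIDs are placeholders, not sudo's real ones.
SCHEMA_FILES = {
    "/usr/local/etc/openldap/schema/core.schema": """\
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
    DESC 'RFC2256: an organizational unit'
    SUP top STRUCTURAL
    MUST ou )
""",
    "/usr/local/etc/openldap/schema/openldap.schema": """\
# layout modelled on sudo's schema.OpenLDAP; constructed excerpt
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'sudoUser'
    DESC 'User(s) who may run sudo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'sudoRole' SUP top STRUCTURAL
    DESC 'Sudoer Entries'
    MUST ( cn )
    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAsUser $ sudoOption $ description ) )
""",
}

# The first two entries of the sudoers2ldif output quoted in the thread.
SUDOERS_LDIF = """\
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
"""

_NAME_RE = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def includes_from_slapd_conf(conf):
    """Return the schema paths named by 'include' directives, in order."""
    paths = []
    for line in conf.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith("#") and parts[0].lower() == "include" and len(parts) > 1:
            paths.append(parts[1])
    return paths


def objectclass_names(schema_text):
    """Lower-cased objectclass NAMEs in one OpenLDAP schema file.  Indented lines
    continue the definition above them; '#' lines are comments."""
    defs = []
    for line in schema_text.splitlines():
        if line.startswith("#") or not line.strip():
            continue
        if line[0] in " \t" and defs:
            defs[-1] += " " + line.strip()       # unfold continuation line
        else:
            defs.append(line.strip())
    names = set()
    for d in defs:
        m = _NAME_RE.search(d) if d.lower().startswith("objectclass") else None
        if m and m.group(1):
            names.add(m.group(1).lower())         # NAME 'single'
        elif m:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(2)))  # NAME ( 'a' 'b' )
    return names


def parse_ldif(ldif_text):
    """Return (dn, [objectClass values in file order]) per LDIF entry."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]                  # LDIF continuation line
        else:
            lines.append(raw)
    entries, dn, classes = [], None, []
    for line in lines + [""]:                     # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, classes))
            dn, classes = None, []
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if value.startswith(":"):                 # 'attr:: <base64>' form
            value = base64.b64decode(value[1:].strip()).decode()
        if attr == "dn":
            dn = value
        elif attr == "objectclass":
            classes.append(value)
    return entries


def check(conf, files, ldif_text):
    """Mimic the server-side check: every objectClass value must name a class defined
    in an included schema.  Returns (dn, zero-based value index, value) per miss."""
    known = set()
    for path in includes_from_slapd_conf(conf):
        if path not in files:
            raise FileNotFoundError(path)         # slapd would refuse to start here
        known |= objectclass_names(files[path])
    return [(dn, i, oc) for dn, classes in parse_ldif(ldif_text)
            for i, oc in enumerate(classes) if oc.lower() not in known]


if __name__ == "__main__":
    print("with sudo schema included:", check(SLAPD_CONF, SCHEMA_FILES, SUDOERS_LDIF))
    core_only = "include /usr/local/etc/openldap/schema/core.schema\n"
    for dn, idx, oc in check(core_only, SCHEMA_FILES, SUDOERS_LDIF):
        print(f"{dn}: objectClass value #{idx} ({oc}) is not in the loaded schema")
```

Because the script reads the files slapd.conf names, it tells you what slapd would load on its next start, not what the running daemon has loaded; an edited slapd.conf only takes effect after slapd is restarted. To see the classes the live server actually knows, query its subschema subentry with `ldapsearch -x -H ldap://ldap -b cn=Subschema -s base objectClasses` and look for sudoRole in the output.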