[CentOS] ldif invalid per syntax

Tim Dunphy bluethundr at gmail.com
Fri Oct 8 21:36:43 EDT 2010


hmm.. it would seem that grepping the schema directory for sudoRole or
sudo anything doesn't turn up anything...

[root at LCENT01:/usr/local/etc/openldap]#grep -ri sudoRole
/usr/local/etc/openldap/schema/
[root at LCENT01:/usr/local/etc/openldap]#grep -ri sudo
/usr/local/etc/openldap/schema/
[root at LCENT01:/usr/local/etc/openldap]#


On Thu, Oct 7, 2010 at 9:31 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
> Well, if I'm not mistaken, copying this file to my schema directory
> and referencing it in my slapd.conf file should have taken care of
> this objectClass:
>
>
> cp /usr/local/share/doc/sudo/schema.OpenLDAP
> /usr/local/etc/openldap/schema/openldap.schema
>
>
> And, as mentioned, I made sure to include this in my slapd.conf file:
>
>
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/cosine.schema
> include         /usr/local/etc/openldap/schema/inetorgperson.schema
> include         /usr/local/etc/openldap/schema/openldap.schema
>
>
> The _last_ thing I added to my ldap database was this entry (using ldapvi)
>
>
> # sudoers, Services, summitnjhome.com
> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> ou: sudoers
> objectClass: organizationalUnit
>
>
> I then set the appropriate environment variable (I'm partial to C
> Shell these days):
>
>
> setenv SUDOERS_BASE ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>
>
> And exported my sudoers list to an ldif file using this command:
>
>
> /usr/local/share/doc/sudo/sudoers2ldif /usr/local/etc/sudoers >
> /home/bluethundr/txt/ldif/sudoers.ldif
>
>
> And that is when I run into the error that I described earlier:
>
>
> LBSD2# ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com"
> -f /home/bluethundr/txt/ldif/sudoers.ldif
> Enter LDAP Password:
> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
> ldap_add: Invalid syntax (21)
>        additional info: objectClass: value #1 invalid per syntax
>
>
>
> For refresher, this is the entry it's having trouble with:
>
>
> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
> objectClass: top
> objectClass: sudoRole
> cn: defaults
> description: Default sudoOption's go here
>
>
> As far as I can gather, sudoRole (which is where the problem appears
> to lie) was supposed to have been added along with the openldap.schema
> that I've included in my slapd.conf file.
>
> Thanks for the help so far...
>
>
> On Thu, Oct 7, 2010 at 5:05 PM, Scott Robbins <scottro at nyc.rr.com> wrote:
>> On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
>>> Hello CentOS
>>>
>>> I am having a bit of trouble importing an ldif into openldap, tho the
>>> syntax looks a-ok to me. I am attempting to import my sudoers list
>>> into my ldap configuration and I used an application called sudoers2ldif
>>> to generate the ldif.
>>>
>>>  I used the following command to import the file:
>>>
>>> =============================================
>>>
>>>  [root at bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D
>>> "cn=Manager,dc=summitnjhome,dc=com" -f
>>> /home/bluethundr/txt/sudoers2.ldif
>>> Enter LDAP Password:
>>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>>> ldap_add: Invalid syntax (21)
>>>        additional info: objectClass: value #1 invalid per syntax
>>
>> It indicates that the second line (it counts from 0, so #1 should be the
>> second line) has something wrong.  I would think you'd have to put the
>> objectclass of sudoRole in a schema--a quick look at your email doesn't
>> show it there--forgive me if I missed it.
>>
>> Errm, that is, second line of your objectclass.  It makes sense.
>>
>> Taking just the object class listing.
>>
>>
>>
>>> objectClass: top
>>> objectClass: sudoRole
>>
>> We see that value #1 is sudoRole.  I don't see it defined in your
>> schema, forgive me if I missed it.   If I'm correct though, and it's not
>> in your schema, that's your problem.
>>
>> (Not sure if I should snip the rest of this or not, so will be
>> conservative and not snip--for anyone following the thread, this
>> sentence ends what I have to say about it.  :)
>>
>>
>>
>>>
>>>
>>> =============================================
>>>
>>>  And this is the file I am trying to import sudoers2.ldif:
>>>
>>>  ============================================
>>>
>>>
>>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>> objectClass: top
>>> objectClass: sudoRole
>>> cn: defaults
>>> description: Default sudoOption's go here
>>>
>>> dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>> objectClass: top
>>> objectClass: sudoRole
>>> cn: root
>>> sudoUser: root
>>> sudoHost: ALL
>>> sudoRunAsUser: ALL
>>> sudoCommand: ALL
>>>
>>> dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>> objectClass: top
>>> objectClass: sudoRole
>>> cn: %wheel
>>> sudoUser: %wheel
>>> sudoHost: ALL
>>> sudoRunAsUser: ALL
>>> sudoCommand: ALL
>>> sudoOption: !authenticate
>>>
>>> dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>> objectClass: top
>>> objectClass: sudoRole
>>> cn: %summitnjops
>>> sudoUser: %summitnjops
>>> sudoHost: ALL
>>> sudoRunAsUser: ALL
>>> sudoCommand: ALL
>>> sudoOption: !authenticate
>>>
>>>
>>> ======================================================
>>>
>>> my ldap schema looks like so:
>>>
>>> ======================================================
>>> Enter LDAP Password:
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <dc=summitnjhome,dc=com> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # summitnjhome.com
>>> dn: dc=summitnjhome,dc=com
>>> dc: summitnjhome
>>> objectClass: dcObject
>>> objectClass: organization
>>> o: Summit NJ Home
>>>
>>> # staff, summitnjhome.com
>>> dn: ou=staff,dc=summitnjhome,dc=com
>>> ou: staff
>>> objectClass: organizationalUnit
>>>
>>> # summitnjops, staff, summitnjhome.com
>>> dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
>>> ou: summitnjops
>>> objectClass: organizationalUnit
>>>
>>> # people, summitnjhome.com
>>> dn: ou=people,dc=summitnjhome,dc=com
>>> ou: customers
>>> ou: people
>>> objectClass: organizationalUnit
>>>
>>> # Services, summitnjhome.com
>>> dn: ou=Services,dc=summitnjhome,dc=com
>>> ou: services
>>> objectClass: organizationalUnit
>>>
>>> # pam_ldap, Services, summitnjhome.com
>>> dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
>>> cn: pam_ldap
>>> objectClass: top
>>> objectClass: inetOrgPerson
>>> sn: PAM
>>> userPassword:: secretPass
>>>
>>> # sudoers, Services, summitnjhome.com
>>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>> ou: sudoers
>>> objectClass: organizationalUnit
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 8
>>> # numEntries: 7
>>>
>>>
>>> ==============================================================
>>>
>>>  could someone please suggest how to get around this error?
>>>
>>> thanks!
>>>
>>> Tim
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>
>> --
>> Scott Robbins
>> PGP keyID EB3467D6
>> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
>> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
>>
>>
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
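Scott's diagnosis above (an objectClass value that no included schema defines) can be checked before running ldapadd. The Python script below is an added example, not code from the thread: it reads a slapd.conf fragment for its include lines, collects the objectClass names each included schema file defines, and reports every objectClass value in an LDIF that none of them defines, numbered from 0 the way slapd's "value #N invalid per syntax" message counts. The slapd.conf, schema texts (including the OIDs) and LDIF are constructed samples.

```python
import re
# Constructed samples (not from the thread): slapd.conf fragment, schema files by name, LDIF.
SLAPD_CONF = """\
include   /usr/local/etc/openldap/schema/core.schema
include   /usr/local/etc/openldap/schema/openldap.schema
"""
SCHEMAS = {
    "core.schema": "objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )\n"
                   "objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )\n",
    "openldap.schema": "# like the file grepped in the thread: defines no sudoRole\n",
    "sudo.schema": "objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL\n"
                   "    MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoOption ) )\n",
}
LDIF = """\
dn: ou=sudoers,ou=Services,dc=example,dc=com
objectClass: organizationalUnit

dn: cn=defaults,ou=sudoers,ou=Services,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
"""
# Head of a definition: "objectclass ( <oid> NAME 'x'" or "... NAME ( 'x' 'y' )".
OC_RE = re.compile(r"objectclass\s*\(\s*\S+\s+NAME\s+(?:'([^']*)'|\(([^)]*)\))", re.I)

def defined_objectclasses(conf_text, schemas):
    """Lower-cased names of every objectClass defined by a schema slapd.conf includes."""
    names = set()
    for line in conf_text.splitlines():
        if line.lower().startswith("include"):
            text = schemas.get(line.split()[-1].rsplit("/", 1)[-1], "")  # missing file: no classes
            for m in OC_RE.finditer(text):
                names.update(n.lower() for n in re.findall(r"[\w-]+", m.group(1) or m.group(2) or ""))
    return names

def ldif_objectclasses(ldif_text):
    """[(dn, [objectClass values in file order])] per entry; unfolds continuation lines."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", ldif_text)):
        attrs = [l.partition(":") for l in block.splitlines() if l.strip() and l[0] != "#"]
        dn = [v.strip() for a, _, v in attrs if a.lower() == "dn"]
        if dn:
            entries.append((dn[0], [v.strip() for a, _, v in attrs if a.lower() == "objectclass"]))
    return entries

def check_ldif(conf_text, schemas, ldif_text):
    """(dn, index, value) per undefined objectClass value; index from 0 like slapd's 'value #N'."""
    known = defined_objectclasses(conf_text, schemas)
    return [(dn, i, oc) for dn, ocs in ldif_objectclasses(ldif_text)
            for i, oc in enumerate(ocs) if oc.lower() not in known]
```

With only core.schema and the sudoRole-less openldap.schema included, the check flags value #1 of cn=defaults, exactly the value slapd rejected; adding an include for a schema that defines sudoRole clears it.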

