hmm.. it would seem that grepping the schema directory for sudoRole or sudo anything doesn't turn up anything...
[root@LCENT01:/usr/local/etc/openldap]#grep -ri sudoRole /usr/local/etc/openldap/schema/
[root@LCENT01:/usr/local/etc/openldap]#grep -ri sudo /usr/local/etc/openldap/schema/
[root@LCENT01:/usr/local/etc/openldap]#
On Thu, Oct 7, 2010 at 9:31 PM, Tim Dunphy bluethundr@gmail.com wrote:
Well, if I'm not mistaken copying this file to my schema directory and referencing it in my slapd.conf file should have taken care of this objectClass:
cp /usr/local/share/doc/sudo/schema.OpenLDAP /usr/local/etc/openldap/schema/openldap.schema
And, as mentioned, I made sure to include this in my slapd.conf file:
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openldap.schema
The _last_ thing I added to my ldap database was this entry (using ldapvi)
# sudoers, Services, summitnjhome.com
dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
ou: sudoers
objectClass: organizationalUnit
I then set the appropriate environment variable (I'm partial to C Shell these days):
setenv SUDOERS_BASE ou=sudoers,ou=Services,dc=summitnjhome,dc=com
And exported my sudoers list to an ldif file using this command:
/usr/local/share/doc/sudo/sudoers2ldif /usr/local/etc/sudoers > /home/bluethundr/txt/ldif/sudoers.ldif
And that is when I run into the error that I described earlier:
LBSD2# ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/ldif/sudoers.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax
For refresher, this is the entry it's having trouble with:
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
As far as I can gather, sudoRole (which is where the problem appears to lie) was supposed to have been added along with the openldap.schema that I've included in my slapd.conf file.
Thanks for the help so far...
On Thu, Oct 7, 2010 at 5:05 PM, Scott Robbins scottro@nyc.rr.com wrote:
On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
Hello CentOS
I am having a bit of trouble importing an ldif into openldap, though the syntax looks a-ok to me. I am attempting to import my sudoers list into my ldap configuration and I used an application called sudoers2ldif to generate the ldif.
I used the following command to import the file:
=============================================
[root@bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/sudoers2.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax
It indicates that the second line (it counts from 0, so #1 should be the second line) has something wrong. I would think you'd have to put the objectclass of sudoRole in a schema--a quick look at your email doesn't show it there--forgive me if I missed it.
Errm, that is, second line of your objectclass. It makes sense.
Taking just the object class listing.
objectClass: top
objectClass: sudoRole
We see that value #1 is sudoRole. I don't see it defined in your schema, forgive me if I missed it. If I'm correct though, and it's not in your schema, that's your problem.
(Not sure if I should snip the rest of this or not, so will be conservative and not snip--for anyone following the thread, this sentence ends what I have to say about it. :)
=============================================
And this is the file I am trying to import sudoers2.ldif:
============================================
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL

dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: %wheel
sudoUser: %wheel
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate

dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: %summitnjops
sudoUser: %summitnjops
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
======================================================
my ldap schema looks like so:
======================================================
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=summitnjhome,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# summitnjhome.com
dn: dc=summitnjhome,dc=com
dc: summitnjhome
objectClass: dcObject
objectClass: organization
o: Summit NJ Home

# staff, summitnjhome.com
dn: ou=staff,dc=summitnjhome,dc=com
ou: staff
objectClass: organizationalUnit

# summitnjops, staff, summitnjhome.com
dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
ou: summitnjops
objectClass: organizationalUnit

# people, summitnjhome.com
dn: ou=people,dc=summitnjhome,dc=com
ou: customers
ou: people
objectClass: organizationalUnit

# Services, summitnjhome.com
dn: ou=Services,dc=summitnjhome,dc=com
ou: services
objectClass: organizationalUnit

# pam_ldap, Services, summitnjhome.com
dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
cn: pam_ldap
objectClass: top
objectClass: inetOrgPerson
sn: PAM
userPassword:: secretPass

# sudoers, Services, summitnjhome.com
dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
ou: sudoers
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7
==============================================================
could someone please suggest how to get around this error?
thanks!
Tim
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
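As an added pre-flight check, not part of this thread and not code from OpenLDAP or sudo: the script below follows the include lines of a slapd.conf, collects every objectClass NAME the included schema files define, and reports which objectClass values in an LDIF the server would not know, using the same zero-based value index that appears in "value #1 invalid per syntax". The slapd.conf, schema snippets and LDIF are constructed from the thread's examples; the short sudoRole definition is a hand-written stand-in, not sudo's real schema.OpenLDAP.

```python
import re, tempfile
from pathlib import Path
# Constructed inputs modelled on the thread: CORE_SCHEMA stands in for core.schema and
# SUDO_SCHEMA is a hand-abbreviated stand-in for sudo's schema.OpenLDAP (not the real file).
CORE_SCHEMA = """\
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )
"""
SUDO_SCHEMA = """\
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL MUST ( cn ) MAY ( sudoUser $ sudoHost ) )
"""
LDIF = """\
dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
"""
# Matches "objectclass ( <oid> NAME 'x'" and "NAME ( 'x' 'y' )" in OpenLDAP schema syntax.
NAME_RE = re.compile(r"^objectclass\s*\(\s*[\w.:-]+\s+NAME\s+\(?\s*((?:'[^']*'\s*)+)", re.I | re.M)

def schema_classes(text):
    """Lower-cased objectClass names defined in one schema file's text."""
    return {n.lower() for grp in NAME_RE.findall(text) for n in re.findall(r"'([^']+)'", grp)}

def included_classes(slapd_conf):
    """Follow every 'include' line of slapd.conf and collect the classes those files define."""
    known = set()
    for line in Path(slapd_conf).read_text().splitlines():
        if m := re.match(r"\s*include\s+(\S+)", line):
            known |= schema_classes(Path(m.group(1)).read_text())
    return known

def undefined_object_classes(slapd_conf, ldif_text):
    """(dn, value index, class) for each objectClass value slapd would not know; the index
    counts from 0, matching 'value #1' in the error. Simple LDIF only (no continuation lines)."""
    known, hits, dn, idx = included_classes(slapd_conf), [], None, 0
    for line in ldif_text.splitlines():
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            dn, idx = value.strip(), 0
        elif attr.lower() == "objectclass" and dn is not None:
            if value.strip().lower() not in known:
                hits.append((dn, idx, value.strip()))
            idx += 1
    return hits

def check(sudo_schema_text):
    """Write slapd.conf plus both schema files to a temp dir, then run the check."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "core.schema").write_text(CORE_SCHEMA)
        Path(d, "openldap.schema").write_text(sudo_schema_text)  # "" = copied file lacks sudoRole
        Path(d, "slapd.conf").write_text(f"include {d}/core.schema\ninclude {d}/openldap.schema\n")
        return undefined_object_classes(Path(d, "slapd.conf"), LDIF)
```

Pointing undefined_object_classes at the real slapd.conf and sudoers.ldif shows whether the copied openldap.schema actually defines sudoRole; since slapd only reads slapd.conf at startup, a schema file added later is not known to the running server until it is restarted.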