[CentOS] ldif invalid per syntax

Sat Oct 9 02:52:54 UTC 2010
Tim Dunphy <bluethundr at gmail.com>

I just recopied openLDAP.schema as sudoers.schema and added it to slapd.conf


[bluethundr at bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x
-D "cn=Manager,dc=summitnjhome,dc=com" -f
/home/bluethundr/txt/sudoers2.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"

adding new entry "cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"

adding new entry "cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"

adding new entry "cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"


MAJOR WIN and THANKS to scott !!!


On Fri, Oct 8, 2010 at 9:36 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
> hmm.. it would seem that grepping the schema directory for sudoRole or
> sudo anything doesn't turn up anything...
>
> [root at LCENT01:/usr/local/etc/openldap]#grep -ri sudoRole
> /usr/local/etc/openldap/schema/
> [root at LCENT01:/usr/local/etc/openldap]#grep -ri sudo
> /usr/local/etc/openldap/schema/
> [root at LCENT01:/usr/local/etc/openldap]#
>
>
> On Thu, Oct 7, 2010 at 9:31 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
>> Well, if I'm not mistaken copying this file to my schema directory
>> and referencing it in my slapd.conf file should have taken care of
>> this objectClass:
>>
>>
>> cp /usr/local/share/doc/sudo/schema.OpenLDAP
>> /usr/local/etc/openldap/schema/openldap.schema
>>
>>
>> And, as mentioned, I made sure to include this in my slapd.conf file:
>>
>>
>> # See slapd.conf(5) for details on configuration options.
>> # This file should NOT be world readable.
>> #
>> include         /usr/local/etc/openldap/schema/core.schema
>> include         /usr/local/etc/openldap/schema/cosine.schema
>> include         /usr/local/etc/openldap/schema/inetorgperson.schema
>> include         /usr/local/etc/openldap/schema/openldap.schema
>>
>>
>> The _last_ thing I added to my ldap database was this entry (using ldapvi)
>>
>>
>> # sudoers, Services, summitnjhome.com
>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> ou: sudoers
>> objectClass: organizationalUnit
>>
>>
>> I then set the appropriate environment variable (I'm partial to C
>> Shell these days):
>>
>>
>> setenv SUDOERS_BASE ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>
>>
>> And exported my sudoers list to an ldif file using this command:
>>
>>
>> /usr/local/share/doc/sudo/sudoers2ldif /usr/local/etc/sudoers >
>> /home/bluethundr/txt/ldif/sudoers.ldif
>>
>>
>> And that is when I run into the error that I described earlier:
>>
>>
>> LBSD2# ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com"
>> -f /home/bluethundr/txt/ldif/sudoers.ldif
>> Enter LDAP Password:
>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>> ldap_add: Invalid syntax (21)
>>        additional info: objectClass: value #1 invalid per syntax
>>
>>
>>
>> For refresher, this is the entry it's having trouble with:
>>
>>
>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: defaults
>> description: Default sudoOption's go here
>>
>>
>> As far as I can gather, sudoRole (which is where the problem appears
>> to lie) was supposed to have been added along with the openldap.schema
>> that I've included in my slapd.conf file.
>>
>> Thanks for the help so far...
>>
>>
>> On Thu, Oct 7, 2010 at 5:05 PM, Scott Robbins <scottro at nyc.rr.com> wrote:
>>> On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
>>>> Hello CentOS
>>>>
>>>> I am having a bit of trouble importing an ldif into openldap, though the
>>>> syntax looks a-ok to me. I am attempting to import my sudoers list
>>>> into my ldap configuration and I used an application called sudoers2ldif
>>>> to generate the ldif.
>>>>
>>>>  I used the following command to import the file:
>>>>
>>>> =============================================
>>>>
>>>>  [root at bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D
>>>> "cn=Manager,dc=summitnjhome,dc=com" -f
>>>> /home/bluethundr/txt/sudoers2.ldif
>>>> Enter LDAP Password:
>>>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>>>> ldap_add: Invalid syntax (21)
>>>>        additional info: objectClass: value #1 invalid per syntax
>>>
>>> It indicates that the second line (it counts from 0, so #1 should be the
>>> second line) has something wrong.  I would think you'd have to put the
>>> objectclass of sudoRole in a schema--a quick look at your email doesn't
>>> show it there--forgive me if I missed it.
>>>
>>> Errm, that is, second line of your objectclass.  It makes sense.
>>>
>>> Taking just the object class listing.
>>>
>>>
>>>
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>
>>> We see that value #1 is sudoRole.  I don't see it defined in your
>>> schema, forgive me if I missed it.   If I'm correct though, and it's not
>>> in your schema, that's your problem.
>>>
>>> (Not sure if I should snip the rest of this or not, so will be
>>> conservative and not snip--for anyone following the thread, this
>>> sentence ends what I have to say about it.  :)
>>>
>>>
>>>
>>>>
>>>>
>>>> =============================================
>>>>
>>>>  And this is the file I am trying to import sudoers2.ldif:
>>>>
>>>>  ============================================
>>>>
>>>>
>>>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: defaults
>>>> description: Default sudoOption's go here
>>>>
>>>> dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: root
>>>> sudoUser: root
>>>> sudoHost: ALL
>>>> sudoRunAsUser: ALL
>>>> sudoCommand: ALL
>>>>
>>>> dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: %wheel
>>>> sudoUser: %wheel
>>>> sudoHost: ALL
>>>> sudoRunAsUser: ALL
>>>> sudoCommand: ALL
>>>> sudoOption: !authenticate
>>>>
>>>> dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: %summitnjops
>>>> sudoUser: %summitnjops
>>>> sudoHost: ALL
>>>> sudoRunAsUser: ALL
>>>> sudoCommand: ALL
>>>> sudoOption: !authenticate
>>>>
>>>>
>>>> ======================================================
>>>>
>>>> my ldap schema looks like so:
>>>>
>>>> ======================================================
>>>> Enter LDAP Password:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <dc=summitnjhome,dc=com> with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # summitnjhome.com
>>>> dn: dc=summitnjhome,dc=com
>>>> dc: summitnjhome
>>>> objectClass: dcObject
>>>> objectClass: organization
>>>> o: Summit NJ Home
>>>>
>>>> # staff, summitnjhome.com
>>>> dn: ou=staff,dc=summitnjhome,dc=com
>>>> ou: staff
>>>> objectClass: organizationalUnit
>>>>
>>>> # summitnjops, staff, summitnjhome.com
>>>> dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
>>>> ou: summitnjops
>>>> objectClass: organizationalUnit
>>>>
>>>> # people, summitnjhome.com
>>>> dn: ou=people,dc=summitnjhome,dc=com
>>>> ou: customers
>>>> ou: people
>>>> objectClass: organizationalUnit
>>>>
>>>> # Services, summitnjhome.com
>>>> dn: ou=Services,dc=summitnjhome,dc=com
>>>> ou: services
>>>> objectClass: organizationalUnit
>>>>
>>>> # pam_ldap, Services, summitnjhome.com
>>>> dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
>>>> cn: pam_ldap
>>>> objectClass: top
>>>> objectClass: inetOrgPerson
>>>> sn: PAM
>>>> userPassword:: secretPass
>>>>
>>>> # sudoers, Services, summitnjhome.com
>>>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> ou: sudoers
>>>> objectClass: organizationalUnit
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 8
>>>> # numEntries: 7
>>>>
>>>>
>>>> ==============================================================
>>>>
>>>>  could someone please suggest how to get around this error?
>>>>
>>>> thanks!
>>>>
>>>> Tim
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>> --
>>> Scott Robbins
>>> PGP keyID EB3467D6
>>> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
>>> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
>>>
>>>
>>
>
>
>
> --
> Here's my RSA Public key:
> gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
>
> Share and enjoy!!
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
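The diagnosis in the thread (`objectClass: value #1 invalid per syntax` means the second objectClass value, `sudoRole`, is not defined in any schema slapd has loaded) can be checked before running `ldapadd`. The script below is an added example, not code from the CentOS thread, OpenLDAP or the sudo project: it pulls the objectclass NAMEs out of schema text in the `objectclass ( ... NAME '...' ... )` format that slapd.conf `include`s, parses an LDIF file into entries, and reports every objectClass value (with its zero-based index, matching slapd's `#N`) that no included schema defines. The schema fragments and LDIF entries are constructed inline to mirror the thread; on the poster's host the real inputs would be the files under `/usr/local/etc/openldap/schema/` and `sudoers2.ldif`. It also includes a small review check for sudoRole entries that combine `sudoCommand: ALL` with `sudoOption: !authenticate`, since the LDIF being imported contains two such roles.

```python
"""Pre-flight check for an LDIF import against the schema slapd actually loads.

Added example, not from the CentOS thread or the OpenLDAP/sudo projects.
Schema and LDIF text below are constructed to mimic the thread's files.
"""
import re

# Constructed: a stripped-down stand-in for core.schema (the real file is far longer).
CORE_SCHEMA = """
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
        SUP top STRUCTURAL
        MUST ou )
"""

# Constructed: the one objectclass the sudo schema adds. OID and attribute list
# are illustrative; use the schema.OpenLDAP shipped with sudo on a real system.
SUDO_SCHEMA = """
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
        DESC 'Sudoer Entries'
        MUST ( cn )
        MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAsUser $ sudoOption $ description ) )
"""

# Constructed: two of the entries from the thread's sudoers2.ldif.
SUDOERS_LDIF = """dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: %wheel
sudoUser: %wheel
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
"""

# Matches "objectclass ( <oid> NAME 'x' ..." or "NAME ( 'x' 'y' )" (RFC 4512 form).
OBJECTCLASS_RE = re.compile(
    r"objectclass\s*\(.*?NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))",
    re.I | re.S,
)


def objectclass_names(schema_text):
    """Return the lower-cased set of objectclass names a schema file defines."""
    names = set()
    for m in OBJECTCLASS_RE.finditer(schema_text):
        if m.group(1):
            names.add(m.group(1).lower())
        else:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(2)))
    return names


def parse_ldif(text):
    """Split LDIF text into entries: a list of [(attr, value), ...] lists.

    Folds continuation lines (leading space), skips comments, and strips the
    '::' base64 marker without decoding (the value is not needed here).
    """
    folded = []
    for line in text.splitlines():
        if line.startswith(" ") and folded:
            folded[-1] += line[1:]
        else:
            folded.append(line)
    entries, current = [], []
    for line in folded:
        if not line.strip():
            if current:
                entries.append(current)
                current = []
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = value[1:]
        current.append((attr.strip(), value.strip()))
    if current:
        entries.append(current)
    return entries


def check_ldif(ldif_text, known_classes):
    """Return (dn, index, objectClass) for each objectClass value the loaded
    schema does not define; index matches slapd's 'value #N' numbering."""
    problems = []
    for entry in parse_ldif(ldif_text):
        dn = next((v for a, v in entry if a.lower() == "dn"), "?")
        classes = [v for a, v in entry if a.lower() == "objectclass"]
        for idx, oc in enumerate(classes):
            if oc.lower() not in known_classes:
                problems.append((dn, idx, oc))
    return problems


def passwordless_all(ldif_text):
    """DNs of sudoRole entries that allow any command without a password prompt."""
    hits = []
    for entry in parse_ldif(ldif_text):
        attrs = {}
        for a, v in entry:
            attrs.setdefault(a.lower(), []).append(v)
        if "ALL" in attrs.get("sudocommand", []) and "!authenticate" in attrs.get("sudooption", []):
            hits.append(attrs["dn"][0])
    return hits


if __name__ == "__main__":
    core_only = objectclass_names(CORE_SCHEMA)
    for dn, idx, oc in check_ldif(SUDOERS_LDIF, core_only):
        print(f"{dn}: objectClass value #{idx} ({oc}) not defined by any included schema")
    with_sudo = core_only | objectclass_names(SUDO_SCHEMA)
    print("after including the sudo schema:", check_ldif(SUDOERS_LDIF, with_sudo))
    print("sudoCommand ALL without authentication:", passwordless_all(SUDOERS_LDIF))
```

With only the core stand-in loaded, both entries are reported at value #1 (`sudoRole`), which is exactly the ldap_add failure in the thread; once the sudo schema's text is included the check comes back empty, matching the successful import after `sudoers.schema` was added to slapd.conf. To run it against real files, read `CORE_SCHEMA` and `SUDO_SCHEMA` from each path named on an `include` line of slapd.conf and `SUDOERS_LDIF` from the file passed to `ldapadd -f`.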