Well, if I'm not mistaken copying this file to my schema directory and
referencing it in my slapd.conf file should have taken care of this
objectClass:

cp /usr/local/share/doc/sudo/schema.OpenLDAP /usr/local/etc/openldap/schema/openldap.schema

And, as mentioned, I made sure to include this in my slapd.conf file:

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openldap.schema

The _last_ thing I added to my ldap database was this entry (using ldapvi)

# sudoers, Services, summitnjhome.com
dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
ou: sudoers
objectClass: organizationalUnit

I then set the appropriate environment variable (I'm partial to C Shell
these days):

setenv SUDOERS_BASE ou=sudoers,ou=Services,dc=summitnjhome,dc=com

And exported my sudoers list to an ldif file using this command:

/usr/local/share/doc/sudo/sudoers2ldif /usr/local/etc/sudoers > /home/bluethundr/txt/ldif/sudoers.ldif

And that is when I run into the error that I described earlier:

LBSD2# ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/ldif/sudoers.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax

For refresher, this is the entry it's having trouble with:

dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

As far as I can gather, sudoRole (which is where the problem appears to
lie) was supposed to have been added along with the openldap.schema
that I've included in my slapd.conf file.

Thanks for the help so far...

On Thu, Oct 7, 2010 at 5:05 PM, Scott Robbins <scottro@xxxxxxxxxx> wrote:
> On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
>> Hello CentOS
>>
>> I am having a bit of trouble importing an ldif into openldap, tho the
>> syntax looks a-ok to me. I am attempting to import my sudoers list
>> into my ldap configuration and I used an application called sudoers2ldif
>> to generate the ldif.
>>
>> I used the following command to import the file:
>>
>> =============================================
>>
>> [root@bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D
>> "cn=Manager,dc=summitnjhome,dc=com" -f
>> /home/bluethundr/txt/sudoers2.ldif
>> Enter LDAP Password:
>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>> ldap_add: Invalid syntax (21)
>> additional info: objectClass: value #1 invalid per syntax
>
> It indicates that the second line (it counts from 0, so #1 should be the
> second line) has something wrong. I would think you'd have to put the
> objectclass of sudoRole in a schema--a quick look at your email doesn't
> show it there--forgive me if I missed it.
>
> Errm, that is, second line of your objectclass. It makes sense.
>
> Taking just the object class listing.
>
>> objectClass: top
>> objectClass: sudoRole
>
> We see that value #1 is sudoRole. I don't see it defined in your
> schema, forgive me if I missed it. If I'm correct though, and it's not
> in your schema, that's your problem.
>
> (Not sure if I should snip the rest of this or not, so will be
> conservative and not snip--for anyone following the thread, this
> sentence ends what I have to say about it. :)
>
>>
>> =============================================
>>
>> And this is the file I am trying to import sudoers2.ldif:
>>
>> ============================================
>>
>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: defaults
>> description: Default sudoOption's go here
>>
>> dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: root
>> sudoUser: root
>> sudoHost: ALL
>> sudoRunAsUser: ALL
>> sudoCommand: ALL
>>
>> dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: %wheel
>> sudoUser: %wheel
>> sudoHost: ALL
>> sudoRunAsUser: ALL
>> sudoCommand: ALL
>> sudoOption: !authenticate
>>
>> dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: %summitnjops
>> sudoUser: %summitnjops
>> sudoHost: ALL
>> sudoRunAsUser: ALL
>> sudoCommand: ALL
>> sudoOption: !authenticate
>>
>> ======================================================
>>
>> my ldap schema looks like so:
>>
>> ======================================================
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=summitnjhome,dc=com> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # summitnjhome.com
>> dn: dc=summitnjhome,dc=com
>> dc: summitnjhome
>> objectClass: dcObject
>> objectClass: organization
>> o: Summit NJ Home
>>
>> # staff, summitnjhome.com
>> dn: ou=staff,dc=summitnjhome,dc=com
>> ou: staff
>> objectClass: organizationalUnit
>>
>> # summitnjops, staff, summitnjhome.com
>> dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
>> ou: summitnjops
>> objectClass: organizationalUnit
>>
>> # people, summitnjhome.com
>> dn: ou=people,dc=summitnjhome,dc=com
>> ou: customers
>> ou: people
>> objectClass: organizationalUnit
>>
>> # Services, summitnjhome.com
>> dn: ou=Services,dc=summitnjhome,dc=com
>> ou: services
>> objectClass: organizationalUnit
>>
>> # pam_ldap, Services, summitnjhome.com
>> dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
>> cn: pam_ldap
>> objectClass: top
>> objectClass: inetOrgPerson
>> sn: PAM
>> userPassword:: secretPass
>>
>> # sudoers, Services, summitnjhome.com
>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> ou: sudoers
>> objectClass: organizationalUnit
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 8
>> # numEntries: 7
>>
>> ==============================================================
>>
>> could someone please suggest how to get around this error?
>>
>> thanks!
>>
>> Tim
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
>
> --
> Scott Robbins
> PGP keyID EB3467D6
> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
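
The check suggested in the quoted reply, whether sudoRole is defined in a schema that slapd.conf includes, can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and it inspects only the include lines of a slapd.conf and the schema files they name on disk.

```shell
#!/bin/sh
# Added diagnostic (function names are hypothetical): list which schema files
# included by a slapd.conf define a given objectClass, e.g. sudoRole.

# defines_objectclass FILE CLASS: exit 0 if FILE holds an objectclass
# definition whose (first) NAME is CLASS, compared case-insensitively.
defines_objectclass() {
    awk -v cls="$2" -v q="'" '
        BEGIN { want = "name[ \t]+(\\([ \t]*)?" q tolower(cls) q; rc = 1 }
        { line = tolower($0) }
        # Definitions start in column 1; continuation lines are indented.
        line ~ /^objectclass[ \t(]/   { in_oc = 1 }
        line ~ /^attributetype[ \t(]/ { in_oc = 0 }
        in_oc && line ~ want          { rc = 0 }
        END { exit rc }
    ' "$1"
}

# find_objectclass CONF CLASS: print each included schema file that defines
# CLASS; return 0 if at least one does, 1 otherwise.
find_objectclass() {
    rc=1
    for f in $(awk '$1 == "include" { print $2 }' "$1"); do
        if [ ! -r "$f" ]; then
            echo "unreadable include: $f" >&2
        elif defines_objectclass "$f" "$2"; then
            echo "$f"
            rc=0
        fi
    done
    return $rc
}

# Stand-alone use: sh script.sh /usr/local/etc/openldap/slapd.conf sudoRole
if [ "$#" -eq 2 ]; then
    find_objectclass "$1" "$2" || echo "$2 not defined by any included schema" >&2
fi
```

slapd reads slapd.conf only at startup, so a newly included schema takes effect after a restart. To see the classes the running server actually loaded, query its subschema entry: ldapsearch -x -H ldap://ldap -s base -b cn=Subschema objectClasses (host name taken from the thread).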