I just recopied openLDAP.schema as sudoers.schema and added it to slapd.conf

[bluethundr@bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/sudoers2.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
adding new entry "cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
adding new entry "cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
adding new entry "cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"

MAJOR WIN and THANKS to scott !!!

On Fri, Oct 8, 2010 at 9:36 PM, Tim Dunphy <bluethundr@xxxxxxxxx> wrote:
> hmm.. it would seem that grepping the schema directory for sudoRole or
> sudo anything doesn't turn up anything...
>
> [root@LCENT01:/usr/local/etc/openldap]#grep -ri sudoRole /usr/local/etc/openldap/schema/
> [root@LCENT01:/usr/local/etc/openldap]#grep -ri sudo /usr/local/etc/openldap/schema/
> [root@LCENT01:/usr/local/etc/openldap]#
>
> On Thu, Oct 7, 2010 at 9:31 PM, Tim Dunphy <bluethundr@xxxxxxxxx> wrote:
>> Well, if I'm not mistaken copying this file to my schema directory
>> and referencing it in my slapd.conf file should have taken care of
>> this objectClass:
>>
>> cp /usr/local/share/doc/sudo/schema.OpenLDAP /usr/local/etc/openldap/schema/openldap.schema
>>
>> And, as mentioned, I made sure to include this in my slapd.conf file:
>>
>> # See slapd.conf(5) for details on configuration options.
>> # This file should NOT be world readable.
>> #
>> include /usr/local/etc/openldap/schema/core.schema
>> include /usr/local/etc/openldap/schema/cosine.schema
>> include /usr/local/etc/openldap/schema/inetorgperson.schema
>> include /usr/local/etc/openldap/schema/openldap.schema
>>
>> The _last_ thing I added to my ldap database was this entry (using ldapvi):
>>
>> # sudoers, Services, summitnjhome.com
>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> ou: sudoers
>> objectClass: organizationalUnit
>>
>> I then set the appropriate environment variable (I'm partial to C
>> Shell these days):
>>
>> setenv SUDOERS_BASE ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>
>> And exported my sudoers list to an ldif file using this command:
>>
>> /usr/local/share/doc/sudo/sudoers2ldif /usr/local/etc/sudoers > /home/bluethundr/txt/ldif/sudoers.ldif
>>
>> And that is when I run into the error that I described earlier:
>>
>> LBSD2# ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/ldif/sudoers.ldif
>> Enter LDAP Password:
>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>> ldap_add: Invalid syntax (21)
>> additional info: objectClass: value #1 invalid per syntax
>>
>> For refresher, this is the entry it's having trouble with:
>>
>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>> objectClass: top
>> objectClass: sudoRole
>> cn: defaults
>> description: Default sudoOption's go here
>>
>> As far as I can gather, sudoRole (which is where the problem appears
>> to lie) was supposed to have been added along with the openldap.schema
>> that I've included in my slapd.conf file.
>>
>> Thanks for the help so far...
>>
>> On Thu, Oct 7, 2010 at 5:05 PM, Scott Robbins <scottro@xxxxxxxxxx> wrote:
>>> On Thu, Oct 07, 2010 at 04:38:42PM -0400, Tim Dunphy wrote:
>>>> Hello CentOS
>>>>
>>>> I am having a bit of trouble importing an ldif into openldap, though the
>>>> syntax looks a-ok to me. I am attempting to import my sudoers list
>>>> into my ldap configuration and I used an application called sudoers2ldif
>>>> to generate the ldif.
>>>>
>>>> I used the following command to import the file:
>>>>
>>>> =============================================
>>>>
>>>> [root@bluethundr-desktop:~/txt/ldif ] $:ldapadd -h ldap -a -W -x -D "cn=Manager,dc=summitnjhome,dc=com" -f /home/bluethundr/txt/sudoers2.ldif
>>>> Enter LDAP Password:
>>>> adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com"
>>>> ldap_add: Invalid syntax (21)
>>>> additional info: objectClass: value #1 invalid per syntax
>>>
>>> It indicates that the second line (it counts from 0, so #1 should be the
>>> second line) has something wrong. I would think you'd have to put the
>>> objectclass of sudoRole in a schema--a quick look at your email doesn't
>>> show it there--forgive me if I missed it.
>>>
>>> Errm, that is, second line of your objectclass. It makes sense.
>>>
>>> Taking just the object class listing.
>>>
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>
>>> We see that value #1 is sudoRole. I don't see it defined in your
>>> schema, forgive me if I missed it. If I'm correct though, and it's not
>>> in your schema, that's your problem.
>>>
>>> (Not sure if I should snip the rest of this or not, so will be
>>> conservative and not snip--for anyone following the thread, this
>>> sentence ends what I have to say about it. :)
>>>
>>>> =============================================
>>>>
>>>> And this is the file I am trying to import, sudoers2.ldif:
>>>>
>>>> ============================================
>>>>
>>>> dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: defaults
>>>> description: Default sudoOption's go here
>>>>
>>>> dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: root
>>>> sudoUser: root
>>>> sudoHost: ALL
>>>> sudoRunAsUser: ALL
>>>> sudoCommand: ALL
>>>>
>>>> dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: %wheel
>>>> sudoUser: %wheel
>>>> sudoHost: ALL
>>>> sudoRunAsUser: ALL
>>>> sudoCommand: ALL
>>>> sudoOption: !authenticate
>>>>
>>>> dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> objectClass: top
>>>> objectClass: sudoRole
>>>> cn: %summitnjops
>>>> sudoUser: %summitnjops
>>>> sudoHost: ALL
>>>> sudoRunAsUser: ALL
>>>> sudoCommand: ALL
>>>> sudoOption: !authenticate
>>>>
>>>> ======================================================
>>>>
>>>> my ldap schema looks like so:
>>>>
>>>> ======================================================
>>>> Enter LDAP Password:
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base <dc=summitnjhome,dc=com> with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # summitnjhome.com
>>>> dn: dc=summitnjhome,dc=com
>>>> dc: summitnjhome
>>>> objectClass: dcObject
>>>> objectClass: organization
>>>> o: Summit NJ Home
>>>>
>>>> # staff, summitnjhome.com
>>>> dn: ou=staff,dc=summitnjhome,dc=com
>>>> ou: staff
>>>> objectClass: organizationalUnit
>>>>
>>>> # summitnjops, staff, summitnjhome.com
>>>> dn: ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
>>>> ou: summitnjops
>>>> objectClass: organizationalUnit
>>>>
>>>> # people, summitnjhome.com
>>>> dn: ou=people,dc=summitnjhome,dc=com
>>>> ou: customers
>>>> ou: people
>>>> objectClass: organizationalUnit
>>>>
>>>> # Services, summitnjhome.com
>>>> dn: ou=Services,dc=summitnjhome,dc=com
>>>> ou: services
>>>> objectClass: organizationalUnit
>>>>
>>>> # pam_ldap, Services, summitnjhome.com
>>>> dn: cn=pam_ldap,ou=Services,dc=summitnjhome,dc=com
>>>> cn: pam_ldap
>>>> objectClass: top
>>>> objectClass: inetOrgPerson
>>>> sn: PAM
>>>> userPassword:: secretPass
>>>>
>>>> # sudoers, Services, summitnjhome.com
>>>> dn: ou=sudoers,ou=Services,dc=summitnjhome,dc=com
>>>> ou: sudoers
>>>> objectClass: organizationalUnit
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 8
>>>> # numEntries: 7
>>>>
>>>> ==============================================================
>>>>
>>>> could someone please suggest how to get around this error?
>>>>
>>>> thanks!
>>>>
>>>> Tim
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS@xxxxxxxxxx
>>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>> --
>>> Scott Robbins
>>> PGP keyID EB3467D6
>>> ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
>>> gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
>>>
>>
>
> --
> Here's my RSA Public key:
> gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
>
> Share and enjoy!!
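A pre-flight check for the failure in this thread, added here as an example and not code from the thread or from sudo/OpenLDAP: it reads the schema files that slapd.conf actually includes, collects the objectClass names they define, and reports every objectClass in an LDIF that slapd would reject, using the same zero-based "value #N" index that Scott explains above. The slapd.conf, schema excerpts and LDIF below are constructed in-line (the sudoRole line is an abbreviated excerpt in the style of sudo's schema.OpenLDAP); a real run would read the files from disk.

```python
import re

# Constructed stand-ins for the thread's files; a real run would read them from
# disk. The schema excerpts are abbreviated, not the full files.
SLAPD_CONF = (
    "include /usr/local/etc/openldap/schema/core.schema\n"
    "include /usr/local/etc/openldap/schema/cosine.schema\n"
)
SCHEMA_FILES = {
    "/usr/local/etc/openldap/schema/core.schema":
        "objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )\n"
        "objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )\n",
    "/usr/local/etc/openldap/schema/cosine.schema": "",
    "/usr/local/etc/openldap/schema/sudoers.schema":
        "objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL\n"
        "    DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoOption ) )\n",
}
SUDOERS_LDIF = (
    "dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com\n"
    "objectClass: top\n"
    "objectClass: sudoRole\n"
    "cn: defaults\n"
)
# "objectclass ( <oid> NAME 'name' ..." at line start; the first NAME is enough here.
OBJECTCLASS_DEF = re.compile(r"^objectclass\s*\(.*?NAME\s+\(?\s*'([^']+)'", re.I | re.S | re.M)

def included_schema_paths(conf_text):
    """Paths named by 'include' directives in slapd.conf, in order."""
    return [line.split(None, 1)[1].strip() for line in conf_text.splitlines()
            if line.strip().lower().startswith("include ")]

def defined_objectclasses(conf_text, schema_files):
    """Lower-cased objectClass names slapd would know after loading this config."""
    names = set()
    for path in included_schema_paths(conf_text):
        names.update(n.lower() for n in OBJECTCLASS_DEF.findall(schema_files.get(path, "")))
    return names

def ldif_entries(ldif_text):
    """Yield (dn, [objectClass values]) per entry, after unfolding continuation lines."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # RFC 2849: a leading space continues a line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = [l.split(":", 1) for l in block.splitlines() if ":" in l and not l.startswith("#")]
        dn = next(v.strip() for k, v in attrs if k.lower() == "dn")
        yield dn, [v.strip() for k, v in attrs if k.lower() == "objectclass"]

def undefined_objectclasses(ldif_text, conf_text, schema_files):
    """(dn, index, name) for each objectClass slapd would reject; the index is the
    '#N' in slapd's 'objectClass: value #N invalid per syntax' message."""
    known = defined_objectclasses(conf_text, schema_files)
    return [(dn, i, oc) for dn, ocs in ldif_entries(ldif_text)
            for i, oc in enumerate(ocs) if oc.lower() not in known]
```

With the two-line slapd.conf above the check reports value #1, sudoRole, for the cn=defaults entry; appending an include line for sudoers.schema makes the same LDIF pass, which is the fix the thread ends on.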