Greetings -- Yesterday was my first in-depth exposure to LDAP. I've tried a variety of tricks to complete this project but all have failed. In short, I'd like to set up an LDAP server to serve the contact data typically held (locally) by Thunderbird. I've followed this doc:
dn: cn=Karsten F,dc=domain,dc=be
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Karsten
sn: F
cn: Karsten F
modifytimestamp: 1332229548
mozillaHomeStreet: Foo Bar 99
mozillaHomeLocalityName: 20122 Hamburg
mozillaHomeCountryName: Germany
It may not like the Thunderbird.schema, then again it isn't throwing errors when you start the slapd process.
If that doesn't work could you post your slapd.conf file?
kbscores: Thanks for the response. I did try that, as well as a bunch of other permutations / combinations of stuff. In appending ',dc=domain,dc=be' to the end of 'dn:' I get the following:
Code:
[...]
adding new entry "cn=Karsten F,dc=domain,dc=be"
modify complete
ldapadd: Invalid syntax (21)
additional info: objectclass: value #4 invalid per syntax
I was led in the direction that it's one of the 'objectclass:' entries but that would just result in 'value #n invalid per syntax' (given whatever line I had removed).
Which schemas are being used in slapd.conf? If the appropriate schema does not exist then it wouldn't understand the objectclasses associated with that schema. I know that multiple schemas are required for some objectclasses as well. Also check for trailing spaces on the ldif. Sometimes if there is an extra space on a line in the ldif it won't recognize it.
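Added example, not part of the original thread: a pre-flight check for the two points raised in the post above, namely that every objectclass in an LDIF is defined by a schema the active include lines actually load, and that no LDIF line carries trailing whitespace. The function names, the abridged schema text and its placeholder OIDs are constructed for illustration; the LDIF is the thread's sample entry with one trailing space added, and the zero-based value index is assumed to match slapd's "value #N" message.

```python
import re

SLAPD_CONF = ("include /etc/openldap/schema/core.schema\n"  # constructed sample
              "include /etc/openldap/schema/inetorgperson.schema\n"
              "#include /etc/openldap/schema/thunderbird.schema\n")  # commented out
SCHEMAS = {  # path -> abridged, constructed schema text; OIDs are placeholders
    "/etc/openldap/schema/core.schema":
        "objectclass ( 1.1.1 NAME 'person' SUP top STRUCTURAL )\n"
        "objectclass ( 1.1.2 NAME 'organizationalPerson' SUP person )\n",
    "/etc/openldap/schema/inetorgperson.schema":
        "objectclass ( 1.1.3 NAME 'inetOrgPerson'\n  SUP organizationalPerson )\n",
    "/etc/openldap/schema/thunderbird.schema":
        "objectclass ( 1.1.4 NAME 'mozillaAbPersonAlpha' SUP top AUXILIARY )\n",
}
LDIF = ("dn: cn=Karsten F,dc=domain,dc=be\n"
        "objectclass: top\nobjectclass: person\n"
        "objectclass: organizationalPerson\nobjectclass: inetOrgPerson\n"
        "objectclass: mozillaAbPersonAlpha\n"
        "givenName: Karsten\nsn: F \ncn: Karsten F\n")  # 'sn' has a trailing space

BUILTIN = {"top"}  # assumption: slapd defines 'top' internally, not in a schema file
NAME_RE = re.compile(r"^(?i:objectclass)\s*\(.*?\bNAME\s+(\([^)]*\)|'[^']+')", re.S | re.M)

def loaded_classes(conf, schemas):
    """Lower-cased objectClass names defined by the active include lines."""
    known = set(BUILTIN)
    for line in conf.splitlines():
        m = re.match(r"include\s+(\S+)", line)  # '#include ...' does not match
        if m and m.group(1) in schemas:
            for group in NAME_RE.findall(schemas[m.group(1)]):
                known.update(n.lower() for n in re.findall(r"'([^']+)'", group))
    return known

def check_ldif(ldif, known):
    """Return ([(zero_based_value_index, name)], [lines_with_trailing_whitespace])."""
    unknown, trailing, idx = [], [], 0
    for lineno, line in enumerate(ldif.splitlines(), 1):
        if line != line.rstrip():
            trailing.append(lineno)
        idx = 0 if line.lower().startswith("dn:") else idx  # index is per entry
        m = re.match(r"objectclass:\s*(\S+)", line, re.I)
        if m:
            if m.group(1).lower() not in known:
                unknown.append((idx, m.group(1)))
            idx += 1
    return unknown, trailing

if __name__ == "__main__":
    print(check_ldif(LDIF, loaded_classes(SLAPD_CONF, SCHEMAS)))
```

To run it against a real server, fill SLAPD_CONF, SCHEMAS and LDIF from the files on disk instead of the embedded samples.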
I cleaned trailing spaces with a sed trick. As for the schema, in addition to the default schemas made available in openldap-2.3 I'm only using the one posted above. So this gives me:
Code:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#
include /etc/openldap/schema/thunderbird.schema
So it's the thunderbird.schema the example above uses. I've not modified any of the schema files.
Ok - so those schema load in the order they are listed. I see you have a comment line - Do you have nis.schema commented out in slapd.conf? If not, comment out nis.schema - there may be conflicts with nis.schema and the thunderbird.schema
I tried both with and without nis.schema and the result is the same. I'm beginning to wonder if it's necessarily _the schema_ per se but rather this bit, that I did in step 13 'Inject the directory structure'
dn: dc=domain,dc=be
objectclass: top
objectclass: dcObject
objectclass: organization
dc: domain
o: Name of your company
Problem is... I have no idea what values to experiment with in adding additional 'objectclass:' definitions. And of course, that could be the wrong tree to bark up anyhow...
Hey -- thanks again for the suggestions. By "able to add other entries" I assume you mean the ldif data. So for example, in attempting to do what you've noted above this is what I get (note: this is a 2nd run):
Code:
mogwai:/tmp>ldapadd -xv -D "cn=AddressManager,dc=domain,dc=be" -f im1.ldif -W
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
add objectclass:
top
dcObject
organization
add dc:
domain
add o:
Name of your company
adding new entry "dc=domain,dc=be"
modify complete
ldapadd: Already exists (68)
----
mogwai:/tmp>ldapadd -xv -D "cn=AddressManager,dc=domain,dc=be" -f im2.ldif -W
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
add objectclass:
organizationalRole
add cn:
AddressManager
adding new entry "cn=AddressManager,dc=domain,dc=be"
modify complete
ldapadd: Already exists (68)
----
mogwai:/tmp>ldapadd -xv -D "cn=AddressManager,dc=domain,dc=be" -f j.ldif -W
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
add objectclass:
top
person
organizationalPerson
inetOrgPerson
mozillaAbPersonAlpha
add givenName:
Karsten
add sn:
F
add cn:
Karsten F
add modifytimestamp:
1332229548
add mozillaHomeStreet:
Foo Bar 99
add mozillaHomeLocalityName:
20122 Hamburg
add mozillaHomeCountryName:
Germany
adding new entry "cn=Karsten F,dc=domain,dc=be"
modify complete
ldapadd: Invalid syntax (21)
additional info: objectclass: value #4 invalid per syntax
The contents are exactly what you've posted above...
Code:
mogwai:/tmp>cat im1.ldif
dn: dc=domain,dc=be
objectclass: top
objectclass: dcObject
objectclass: organization
dc: domain
o: Name of your company
-----
mogwai:/tmp>cat im2.ldif
dn: cn=AddressManager,dc=domain,dc=be
objectclass: organizationalRole
cn: AddressManager
-----
mogwai:/tmp>cat j.ldif
dn: cn=Karsten F,dc=domain,dc=be
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Karsten
sn: F
cn: Karsten F
modifytimestamp: 1332229548
mozillaHomeStreet: Foo Bar 99
mozillaHomeLocalityName: 20122 Hamburg
mozillaHomeCountryName: Germany
Hey kbscores -- thanks so much for your help on this one. I triple-checked that schema for cleanliness and did quite a bit of searching for alternate schema, solutions, etc. I _did not_ find that post that you mentioned above so I'm eager to try that out. I'll report back on whether that offered some positive results!