[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX

To: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
Subject: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
From: Konstantin Boyandin <temmokan@gmail.com>
Date: Thu, 13 Jan 2011 13:11:17 +0600
Cc: "'openldap-technical@openldap.org'" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=Hfiu2ONbkTQRtHojkEd1SlYk73veQs8Pck9PuotS/lc=; b=Gm2iikQn4dGQFWOwmHUVxwVNZguZaSoWOyeeaIzd/Hvf68zONl0gI6D4xvvHeTjIjY SOrIRAxMhi1mMuBnySIWZhWFXiA1TglU+CdgHNl6dHPXiTV/6Y7cXhzcv41ivkwcS56Z U37Yt17HzGOqo7udQroojkFIKJm2fKTRmp1xc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=YF3Up0wowjI8SSZ7Le9YwktpSNoK4Fn6+h/OHXzxwHRXH3cgWOiARh2J4f6bk67pMR 0UI7WsKzkrDiBgmb6br5efcMyQa+fiVICoNlFQW8x5bbfkA4iA/jYK+lMSzhgaggW5Ap 3aOLg7Zq80ehf6wR4R8fR+MzJS4DRVkcbAxcE=
In-reply-to: <6C447584419BFE4E83D46E88F81314864850E59590@EXCH07-05.apollogrp.edu>
References: <6C447584419BFE4E83D46E88F81314864850E59590@EXCH07-05.apollogrp.edu>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7

13.01.2011 12:59, Chris Jacobs пишет:
> That appears to be the point.
> 
> See: http://www.openldap.org/software/man.cgi?query=ppolicy&apropos=0&sektion=0&manpath=OpenLDAP+2.3-Release&format=html
> ... No results.
> 
> Also look for the ppolicy in:
> http://www.openldap.org/doc/admin23/schema.html#Distributed%20Schema%20Files
> ... It's not there.
> 
> Where did you get the schema and the libraries necessary?

The ppolicy schema is provided by
openldap-servers-2.3.43-12.el5_5.3.x86_64 RPM.

The overlays are provided by
openldap-servers-overlays-2.3.43-12.el5_5.3 RPM.

The directives

modulepath /usr/lib64/openldap
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=example,dc=com"

do not cause slaptest's protests.

> FWIW: the password policy and MUCH more reliable syncing between servers is why we upgraded in
> my shop (turned off the old 2.3 master last week after finally overcoming last hurdles: solaris and use by other custom systems.)

The 2.3.* is the current version available from CentOS standard
repositories.

Switching to 2.4.* (welcome, endless sequences of configure/make/make
install) will only be the last resort if anything else fails. So far,
the mentioned OpenLDAP works fine on both master and slave servers.

So, returning to the original question, is it possible to find why
adding a dn fails? What's wrong with the syntax?

Sincerely,
Konstantin

> 
> - chris
> 
> Chris Jacobs, Systems Administrator
> Apollo Group  |  Apollo Marketing | Aptimus
> 2001 6th Ave Ste 3200 | Seattle, WA 98121
> phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
> email:  chris.jacobs@apollogrp.edu
> 
> ----- Original Message -----
> From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
> To: Quanah Gibson-Mount <quanah@zimbra.com>
> Cc: openldap-technical@openldap.org <openldap-technical@openldap.org>
> Sent: Wed Jan 12 23:38:54 2011
> Subject: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
> 
> 13.01.2011 11:55, Quanah Gibson-Mount пишет:
>>
>>
>> --On January 13, 2011 11:42:29 AM +0600 Konstantin Boyandin
>> <temmokan@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
>>>
>>> In order to enable ppolicy overlay, I am trying to create the relevant
>>> entries, as specified in
>>>
>>> http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
>>
>> I would suggest you compare the version you are running (2.3) with the
>> version that the document you are reading uses (2.4).  There is an
>> obvious difference there, and it is a major one.  I suggest you run a
>> current supported release of OpenLDAP that matches the documentation you
>> are using.
> 
> Thanks. I opened the 2.3 admin link instead:
> http://www.openldap.org/doc/admin23/
> and it has no overlays section at all. That's weird, since I am using
> replication feature and there's a directive
> 
> overlay syncprov
> 
> in /etc/openldap/slapd.conf
> 
> How can I find the reasons for 'Invalid syntax' error in such a situation?
> Thanks.
> 
> 
> This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
> 
>

Follow-Ups:
- Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

References:
- Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

Prev by Date: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
Next by Date: LDAP and PAM: account is expired, but pam_ldap allows authentification
Index(es):
- Chronological
- Thread