RE: So close and yet so annoyed...
- To: openldap-software@OpenLDAP.org
- Subject: RE: So close and yet so annoyed...
- From: Ken Ingram <kingram@sdl.org>
- Date: Thu, 13 Dec 2001 00:25:56 -0800 (PST)
- In-reply-to: <439E6A26989CD5119456006097B5349A0232AB@imail.d2k.com>
Thanks Boris. I'll follow your advice and read the docs a bit more.
They're a little confusing and the examples are really vague.
I think your explanation is much more helpful.
I've been running blind because I didn't understand the mandatory
attributes might be screwing me up. I didn't understand that there were
mandatory attributes. Maybe I need to get the O'Reilly book on LDAP.
I altered the data in root.ldif as you suggested but I still get the
"invalid data" error. The lack of documentation on the error messages
is keeping me in the dark on deciphering the problem.
[1812] cat ldifs/root.ldif
dn: dc=sdl,dc=org
objectclass: dcObject
objectclass: organization
o: SDL
dc: sdl
dn: cn=root, dc=sdl, dc=org
objectclass: organizationalRole
cn: root
-- root@gemini [/usr/local/etc/openldap] bash --
[1813] ldapadd -v -x -D "cn=root, dc=sdl, dc=org" -f ldifs/root.ldif -w secret
ldap_initialize( <DEFAULT> )
add objectclass:
dcObject
organization
add o:
SDL
add dc:
sdl
adding new entry "dc=sdl,dc=org"
ldap_add: Invalid syntax
additional info: value contains invalid data
ldif_record() = 21
--------------------------------
Thanks. I think I'm getting close to having this work so then I could
study it a bit more.
On Wed, 12 Dec 2001, Boris Shpungin wrote:
> Ken,
>
> I see you've made some changes to your setup... First, make sure that you
> are starting out with a completely empty database (if there's something in
> your database already, it could interfere with the new entries you are
> trying to add.) With LDBM it's pretty simple: just delete all the files
> under /usr/local/var/openldap-ldbm (as specified in your slapd.conf).
>
> Secondly, your ldif file:
>
> [1750] cat ldifs/root.ldif
> dn: cn=root,dc=sdl,dc=org
> objectclass: dcobject
> objectclass: top
> objectclass: organization
> dc: sdl
>
> is pretty messed up. The root entry has to be of an organizationalRole
> objectclass, as per instructions (and in your case it isn't.) Secondly, you
> need a special entry that matches your suffix before you can add entries
> under the suffix. Here's what you want, given the setup you provided:
>
> dn: dc=sdl, dc=org
> objectclass: dcObject
> objectclass: organization
> o: SDL (or whatever description you want)
> dc: sdl
>
> dn: cn=root, dc=sdl, dc=org
> objectclass: organizationalRole
> cn: root
>
> You need to know several things here, which hold true not just for OpenLDAP
> but for any LDAP server.
>
> First, the various objectclasses you specify for an entry define its overall
> type. Each objectclass specifies any number of mandatory and optional
> attributes. Those attributes that are mandatory MUST be provided. For
> example, the dcObject objectclass requires you to specify the value of the
> dc attribute, while organizationalRole requires the cn attribute and
> organization requires the o attribute. To gain further insight into
> attributes and objectclasses, examine the
> /usr/local/etc/openldap/schema/core.schema file.
>
> Secondly, the leftmost component of the distinguished name (DN) of a new
> entry has to correspond to the name and value of one of the entry's
> attributes (the attribute based on which you want to ensure uniqueness of
> your entry in the LDAP tree.) For example, if you are adding a new entry
> for your suffix "dc=sdl,dc=org", then this new entry MUST include an
> attribute-value pair "dc: sdl"; note that the "cn=root,..." entry also has
> to include the "cn: root" statement. And so on.
>
> -Boris
>
My opinions aren't fit for public consumption
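
The two rules described in Boris's reply (each objectclass's mandatory attributes must be present, and the leftmost DN component must appear as an attribute-value pair in the entry) can be checked before running ldapadd. The following is an added example, not part of the original messages or of OpenLDAP; the function names are hypothetical and the MUST table is hand-written for only the three objectclasses named in the thread.

```python
import re

# MUST attributes for the objectclasses named in the thread (hand-written table).
MUST = {"dcobject": {"dc"}, "organization": {"o"}, "organizationalrole": {"cn"}}

def parse_ldif(text):
    # Simple LDIF only: blank-line separated entries, no base64, no folding.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def check_entry(dn, attrs):
    problems = []
    # Rule 1: every MUST attribute of each listed objectclass is present.
    for oc in attrs.get("objectclass", []):
        for need in sorted(MUST.get(oc.lower(), ())):
            if need not in attrs:
                problems.append(f"{dn}: objectclass {oc} requires '{need}'")
    # Rule 2: leftmost DN component is also an attribute (naive split, no escapes).
    rdn_attr, _, rdn_val = dn.split(",")[0].partition("=")
    rdn_attr, rdn_val = rdn_attr.strip().lower(), rdn_val.strip().lower()
    if rdn_val not in [v.lower() for v in attrs.get(rdn_attr, [])]:
        problems.append(f"{dn}: no '{rdn_attr}: {rdn_val}' line for the RDN")
    return problems

def check_ldif(text):
    return [p for dn, attrs in parse_ldif(text) for p in check_entry(dn, attrs)]

# Sample inputs: the two LDIF files shown in the thread.
FIRST = ("dn: cn=root,dc=sdl,dc=org\nobjectclass: dcobject\nobjectclass: top\n"
         "objectclass: organization\ndc: sdl\n")
FIXED = ("dn: dc=sdl, dc=org\nobjectclass: dcObject\nobjectclass: organization\n"
         "o: SDL\ndc: sdl\n\n"
         "dn: cn=root, dc=sdl, dc=org\nobjectclass: organizationalRole\ncn: root\n")

if __name__ == "__main__":
    print(check_ldif(FIRST), check_ldif(FIXED))
```

Against the first file it reports the missing `o` attribute and the unmatched `cn=root` RDN; the corrected two-entry file yields no findings under these two rules.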