[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap newbie

>OK... I think I figured out the answer to my own question with the help
>of slapadd's debugging- It seems that maybe I'm using a v2 schema
>instead of a v3 schema- I can't find any information on the specific
>differences b/w the two schemas.

No, what you have below is an LDAPv3 schema,  LDAPv2 schema are much
simpler.  You need to go back to the documentation of 1.x OpenLDAP for
info on LDAPv2 schema, and it isn't worth the trouble.

>Can someone please tell me if I am correct, and where I might be able to
>find such information.
>As a side point, the documentation for openldap is very confusing...
>Specifically examples in the documentation are not consistent in terms
>of syntax. Also there are little to no examples of schemas that don't
>base themselves on standard schemas. Just my opinion.

IMHO, all schemas should base themselves on the standard schemas,
wherever possible.  One of the points of LDAP is interoperability.  The
core schema are actually quite complete.

>> attributetype ( jctAttrib:0 NAME ( 'jctFullName' $ 'jctFN' )
>>         DESC 'Full Name Associated with a Person'
>>         EQUALITY caseIgnoreMatch
>>         SUBSTR caseIgnoreSubstringsMatch
>>         SYNTAX{32768}

Isn't this exactly what the "cn" attribute is?  Why not use "cn"?

Also, I don't understand "NAME ( 'jctFullName' $ 'jctFN' )"  I'm pretty
certain the "$" is incorrect,  you just want a white space delimited

>> attributetype ( jctAttrib:1 NAME ( 'jctMisparZehut' $ 'jctTZ' )
>>         DESC 'Identification Number associated with a person'
>>         EQUALITY numericStringMatch
>>         SYNTAX{32768}
>>         SINGLE-VALUE

Why no uidNumber, or x500UniqueIdentifier, or uniqueIdentifier;
whichever is most appropriate.

>>the error a schema like this produced was:
>>jct.schema:  line 27: Expecting a name before 'jctFN' ) DESC 
>>'Full Name Associated with a Person' EQUALITY caseIgnoreMatch SUBSTR 
>>caseIgnoreSubstringsMatch	SYNTAX{32768}
>>AttributeTypeDescription = ....

Remove the dollar sign.

This message undoubtedly processed by the purely benevolent "US
Department of Homeland Security",  but don't worry... they're
only goal is to protect life, liberty and the pursuit of property.