RE: Adding saslAuthzFrom attribute

["Howard Chu" <hyc@highlandsun.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Chee Wai Yeung

> I still cannot get it to work. I cannot add
> saslAuthzTo either to a normal (objectclass=person)
> DN. ldapmodify still complains that the attribute type
> is not found:
>
> dn: cn=user,ou=organization,dc=example,dc=com
> changetype: add
> add: saslAuthzTo
> saslAuthzTo: cn=Manager,dc=example,dc=com
>
> adding new entry
> "cn=user,ou=organization,dc=exaample,dc=com"
> ldapmodify: update failed:
> cn=user,ou=organization,dc=example,dc=com
> ldap_add: Undefined attribute type (17)
>         additional info: add: attribute type undefined
>
> I checked the mailinglists, admin guide, man page of
> slapd.conf, etc, but still could not find any
> information.
>
> Please help.
> Thanks
> Chee Wai

This is not a schema problem. Your LDIF syntax is wrong. The error message
tells you that the "add" attribute type is undefined, because using
"changetype: add" means to add a new entry to the directory. All the lines
following the "changetype:" are being treated as attributes of a new entry,
rather than as specifiers of a modify command. You should have used
"changetype: modify" to alter an existing entry:

 dn: cn=user,ou=organization,dc=example,dc=com
 changetype: modify
 add: saslAuthzTo
 saslAuthzTo: cn=Manager,dc=example,dc=com

You should have realized your command syntax was wrong by the fact that you
issued an ldapmodify command but got an error message from ldap_add, not
ldap_modify. You should also have realized your command was wrong by the fact
that the error message complains about an "add" attribute type, which has
nothing to do with what you were trying to accomplish.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support