[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapadd and schemacheck in 2.1.18

To: <openldap-software@OpenLDAP.org>
Subject: Re: slapadd and schemacheck in 2.1.18
From: "Carl Litt" <carl@execulink.com>
Date: Fri, 9 May 2003 17:34:54 -0400
References: <lzy91hjsg7.fsf@lav.hac.hr> <3EBA8C8E.7090902@xonix.com>

There is actually a 3rd requirement if you're using OpenLDAP 2.1 (which
he appears to be by the entryUUID attribute):

3) That each entry has exactly one STRUCTURAL objectclass (no more, no
less)

This is actually more proper, it's just that previous versions never
enforced this.  So if you're at it anyways, might as well do it right.

If Miroslav's case, objectClass: organization is his structural
objectclass, so he could use objectClass: dcObject to allow for 'dc'.
If he didn't already have a structural objectclass, he could use
"domain", which is structural and also allows for 'dc'.  (I ran into
this this week during my upgrade).

Carl Litt
Network Administrator
Execulink Internet


----- Original Message -----
From: "Ugen" <ugen@xonix.com>
To: "Miroslav Zubcic" <hac+lists.openldap.software@hac.hr>
Cc: <openldap-software@OpenLDAP.org>
Sent: Thursday, May 08, 2003 12:57 PM
Subject: Re: slapadd and schemacheck in 2.1.18


> If you don't want to turn off schema checking. you need
> to make sure that your data complies with the schema.
> The requirements to add an entry are two:
> 1) that all attributes be allowed by objectclasses to which it
> belongs
> 2) that RDN of the entry be present as one of the attributes
>
> So, you need dc=hac to be an attribute in your entry. But
> object classes "top" and "organization" do not have attribute
> "dc" in a standart schema.
>
> So to fix this you may need to add "dcObject" as an object class
> for this entry. Fortunately, that class does not require any other
> attributes.
>
>
> --Ugen
>
> Miroslav Zubcic wrote:
>
> >How am I supposed to add contents of my database back in place with
> >slapadd(8)? (Besides turning off schemacheck in slapd.conf(5)
> >temporary for that operation).
> >
> >sve.ldif is slapcat(8) dump.
> >
> >(root){lav}[hac]# slapadd < ../../sve.ldif
> >slapadd: dn="dc=hac,dc=hr" (line=12): (64) naming attribute 'dc' is
not present in entry
> >
> >dn="dc=hac,dc=hr" is root of the database:
> >
> >dn: dc=hac,dc=hr
> >objectClass: top
> >objectClass: organization
> >o: HAC d.o.o.
> >structuralObjectClass: organization
> >entryUUID: ee9a1b6a-aad9-1026-9e39-950d8768b1ec
> >creatorsName: cn=ldapadm,dc=hac,dc=hr
> >modifiersName: cn=ldapadm,dc=hac,dc=hr
> >createTimestamp: 20021223154957Z
> >modifyTimestamp: 20021223154957Z
> >entryCSN: 2002122315:49:57Z#0x0001#0#0000
> >
> >if I add this in entry:
> >
> >dc: hac
> >dc: hr
> >
> >(root){lav}[hac]# slapadd < ../../sve.ldif
> >slapadd: dn="dc=hac,dc=hr" (line=14): (19) attribute 'dc' cannot have
multiple values
> >
> >If I remove dc=hr for example ...
> >
> >(root){lav}[hac]# slapadd < ../../sve.ldif
> >slapadd: dn="dc=hac,dc=hr" (line=13): (65) attribute 'dc' not allowed
> >
> >Has anybody found the `right' way out of this nerve game? :-)
> >
> >
> >
> >
> >
>
>
>
>

References:
- slapadd and schemacheck in 2.1.18
  - From: Miroslav Zubcic <hac+lists.openldap.software@hac.hr>
- Re: slapadd and schemacheck in 2.1.18
  - From: Ugen <ugen@xonix.com>

Prev by Date: RE: ldap traffic encryption with kerberos
Next by Date: Fw: openldap+syslog question
Index(es):
- Chronological
- Thread