
Re: Adding additional schema - objectClass: value #1 invalid per syntax



On Tuesday 10 June 2008 00:34:02 Ed Greenberg wrote:
> Howard Chu wrote:
> > Aaron Richton wrote:
> >>> I added the following to my schema directory:
> >>> dn: cn=schema
> >>> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
> >>> 'User(s) who
> >>> may run sudo' EQUALITY caseExactIA5Match SUBSTR
> >>> caseExactIA5SubstringsMatch
> >>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

This is an LDIF-format schema file, typically for use with FDS/Sun 
JES/Netscape etc. Why don't you use the sudo.schema provided for OpenLDAP 
instead?

(or, you can grab it here: 
http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap/current/SOURCES/sudo.schema?revision=85700&view=markup
)

> >>
> >> [...etc...]
> >>
> >>> and referenced it in slapd.conf as:
> >>> include         /etc/openldap/schema/sudoers.schema
> >>
> >> This looks like you're mixing a classic config file and a back-config
> >> configuration. My guess is you need to include sudoers.schema using
> >> back-config.
> >
> > It's not the correct syntax for either cn=config or slapd.conf.
> > Remember that in 2.3 and earlier, invalid keywords in slapd.conf are
> > silently ignored...
>
> Many good answers, for which I'm thankful...
>
> The problem turns out to be a syntax error, not in the attributes but in
> the object class:
>
> Resolved by changing
>
> objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 ...
>
>
> to
>
> objectClass ( 1.3.6.1.4.1.15953.9.2.1 ...

But, it works because it is ignoring the ldif parts, and you've broken the 
ldif parts to look like a normal OpenLDAP schema definition ... now 
technically the file is neither ...


Regards,
Buchan
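
Added example, not part of the original message or of OpenLDAP: a small checker that classifies each logical line of a schema file as LDIF-style (attribute name followed by a colon) or slapd.conf-style (bare keyword), so a file that is "neither" shows up as mixed. The keyword sets are a partial list chosen for this illustration, and SAMPLE is constructed from the fragments quoted in the thread.

```python
# Illustrative checker (added example). Keyword sets are a partial, assumed list.
SLAPD_CONF_KEYWORDS = {"attributetype", "objectclass", "objectidentifier",
                       "ditcontentrule", "include"}
LDIF_SCHEMA_ATTRS = {"dn", "cn", "objectclass", "attributetypes", "objectclasses"}

# Constructed sample mirroring the file described in the thread after the "fix".
SAMPLE = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who
 may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClass ( 1.3.6.1.4.1.15953.9.2.1 ...
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def classify(text):
    """Return [(first_token, kind)], kind being 'ldif', 'slapd.conf' or 'unknown'."""
    result = []
    for line in logical_lines(text):
        head = line.split(None, 1)[0]
        if ":" in head and head.split(":", 1)[0].lower() in LDIF_SCHEMA_ATTRS:
            kind = "ldif"          # e.g. "attributeTypes:" or "dn:cn=schema"
        elif head.lower() in SLAPD_CONF_KEYWORDS:
            kind = "slapd.conf"    # e.g. "objectClass (" with no colon
        else:
            kind = "unknown"
        result.append((head, kind))
    return result


def file_format(text):
    """Overall verdict: 'ldif', 'slapd.conf', 'mixed' or 'empty'."""
    kinds = {kind for _, kind in classify(text)}
    if not kinds:
        return "empty"
    return kinds.pop() if len(kinds) == 1 else "mixed"


if __name__ == "__main__":
    for token, kind in classify(SAMPLE):
        print(f"{kind:11} {token}")
    print("verdict:", file_format(SAMPLE))
```

A "mixed" verdict on a file pulled in with include means some definitions are in a form slapd.conf does not parse, which is the situation described above for the sudoUser attribute.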