Re: using OpenLDAP client to change directory schema
Klaus Heinrich Kiwi wrote:
> On Tue, 2008-09-16 at 22:01 +0200, Michael Ströder wrote:
>>> [root@pam ~]# ldapmodify -H ldap://host -D cn=root -w passwd -x -ZZ
>> -a -f /usr/share/doc/krb5-server-ldap-1.6.2/kerberos.ldif
>>> ldapmodify: invalid format (line 5) entry: "cn=schema"
>> You should provide the relevant excerpt of the LDIF file.
>
> It's the regular MIT-Kerberos Schema that comes with krb5-server-ldap:
> http://anonsvn.mit.edu/cgi-bin/viewcvs.cgi/*checkout*/trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif?rev=19972
The file might not fully comply with RFC 2849 (LDIF).
> Looks like the client doesn't count the commented lines in the above
> error message, so I'm assuming the problematic lines to be:
>
> dn: cn=schema
> changetype: modify
> add: attributetypes
> attributetypes: ( 2.16.840.1.113719.1.301.4.1.1
> NAME 'krbPrincipalName'
> EQUALITY caseExactIA5Match
> SUBSTR caseExactSubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>
> I must note that I can correctly import the above LDIF using IBM Server (ITDS 6.1) 'ldapmodify'.
Depends on how liberal the LDIF parser is. I'd clean up the file above:
- remove the comments
- clean up line continuations
- separate each record by a *single* empty line
- watch out which line-endings are used
Ciao, Michael.
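
The four cleanup steps listed in the reply above, as an added example that is not part of the original message or of OpenLDAP: a small Python normalizer that removes comments, joins folded lines, leaves one empty line between records and emits LF line endings. The sample input is constructed (the indented continuation lines and the second record's OID and name are assumptions, not the real kerberos.ldif).

```python
# Constructed sample modelled on the excerpt quoted in the thread: CRLF line
# endings, comments (one folded), folded values, a doubled blank line.
# The second record's OID and name are placeholders, not real schema.
SAMPLE = (
    "# constructed header comment\r\n"
    "# a comment folded\r\n"
    "  onto a second line\r\n"
    "dn: cn=schema\r\n"
    "changetype: modify\r\n"
    "add: attributetypes\r\n"
    "attributetypes: ( 2.16.840.1.113719.1.301.4.1.1\r\n"
    "  NAME 'krbPrincipalName'\r\n"
    "  EQUALITY caseExactIA5Match\r\n"
    "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)\r\n"
    "\r\n"
    "\r\n"
    "# comment between records\r\n"
    "dn: cn=schema\r\n"
    "changetype: modify\r\n"
    "add: attributetypes\r\n"
    "attributetypes: ( 1.1.2.1.1 NAME 'exampleAttr' )\r\n"
)


def normalize_ldif(text: str) -> str:
    """Drop comments, join folded lines, keep one empty line between records."""
    # Line endings: accept CRLF, bare CR or LF; emit LF only.
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    # Unfold first (RFC 2849: a line starting with a space continues the
    # previous line), so folded comments are removed as a whole.
    logical = []
    for line in lines:
        if line.startswith(" ") and logical and logical[-1] != "":
            logical[-1] += line[1:]
        else:
            logical.append(line)
    out, pending_blank = [], False
    for line in logical:
        if line.startswith("#"):
            continue                    # comment line
        if line == "":
            pending_blank = bool(out)   # separator; ignore leading blanks
            continue
        if pending_blank:
            out.append("")              # exactly one empty line per gap
            pending_blank = False
        out.append(line)
    return "\n".join(out) + "\n" if out else ""
```

Comparing the output with the original file shows which of the four items the file actually tripped over before the cleaned copy is handed to `ldapmodify`.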