Re: using OpenLDAP client to change directory schema

On Tue, 2008-09-16 at 22:01 +0200, Michael Ströder wrote:
> > [root@pam ~]# ldapmodify -H ldap://host -D cn=root -w passwd -x -ZZ -a -f /usr/share/doc/krb5-server-ldap-1.6.2/kerberos.ldif
> > ldapmodify: invalid format (line 5) entry: "cn=schema"
> You should provide the relevant excerpt of the LDIF file.

It's the regular MIT-Kerberos Schema that comes with krb5-server-ldap:

Looks like the client doesn't count the commented lines in the above
error message, so I'm assuming the problematic lines to be:

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 2.16.840.1.113719.1.301.4.1.1
                NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch

I must note that I can correctly import the above LDIF using IBM Server (ITDS 6.1) 'ldapmodify'.



Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center