[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX



Konstantin Boyandin wrote:
Hello,

OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.

In order to enable ppolicy overlay, I am trying to create the relevant
entries, as specified in

http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies

I import two LDIFs, first:

dn: ou=Policies,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Policies

and second

dn: cn=default,ou=Policies,dc=example,dc=com
cn: default
objectClass: top
objectClass: pwdPolicy
objectClass: person
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 2
pwdInHistory: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 7776000
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 5
pwdMustChange: FALSE
pwdSafeModify: FALSE
sn: dummy value

The first loads OK.
When I try to import the second, I receive this diagnostics:

Could not add object cn=default,ou=Policies,dc=itelsib,dc=com
Message: Invalid syntax
Error code: 0x15 (LDAP_INVALID_SYNTAX)
Error description: An invalid attribute value was specified.

Could someone suggest what's wrong with the attribute name?

OpenLDAP never produces the text you provided above. It seems you're using some other LDAP tool to do this import, and it is not showing you the actual error message sent from the server. OpenLDAP slapd will always identify the actual attribute and value that causes an error. I suggest you try importing this entry with OpenLDAP's ldapadd and examine the error message from there.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/