[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inconsistent duplicate attributeType: "memberOf"



My mail still doesn't seem to have reached the list, if it ever does:

I've found that the memberOf Attribute is added to the schema by the
memberof overlay. As I'm required to use the RPM that comes with SusE
SLES, I gave in and renamed the attribute in our schema - case closed :)


On 7/13/11 5:32 PM, Christian Ramseyer wrote:
> (sorry if this appears twice, I've posted this some time ago before I
> was subscribed to the list and it didn't seem to appear)
> 
> I'm trying to migrate an LDAP from Solaris/OpenLDAP 2.3 to
> Linux/OpenLDAP 2.4, and I have an issue with a custom schema:
> 
> # slaptest -f etc/slapd.conf
> /data/openldap/etc/schema/nxx.schema: line 10 attributetype:
> Inconsistent duplicate attributeType: "memberOf"
> 
> Now the problem is, I have no idea where this previous definiton of
> memberOf comes from....
> 
> These are the included schemas:
> 
> # grep include etc/slapd.conf
> include      /data/openldap/etc/schema/core.schema
> include     /data/openldap/etc/schema/cosine.schema
> include     /data/openldap/etc/schema/inetorgperson.schema
> include     /data/openldap/etc/schema/nis.schema
> include     /data/openldap/etc/schema/nxx.schema
> 
> And none of them besides nxx defines a memberOf:
> 
> # grep memberOf etc/schema/*
> etc/schema/nxx.schema:attributetype ( NxxLDAPattributeType:1 NAME 'memberOf'
> etc/schema/nxx.schema:		MAY ( memberOf $ host $ lastLogin $
> passwordHistory $ loginFailures $ passwordRecoveryMailAddress $
> passwordRecoveryChallenge) )
> 
> <end of grep output>
> 
> Also, nxx defines it only once (it's pasted below).
> 
> After commenting nxx and generating a config directory with slaptest, I
> found this in cn=schema.ldif:
> 
> # grep memberOf openldap-config/cn\=config/cn\=schema.ldif
> olcAttributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group
> that t
> 
> Where does this come from? Apparently not from the schemas I included,
> as a grep for memberOf doesn't return anything. There are also no other
> includes in these schema files.
> Is there any default schema data included besides what is given in
> include statements? Can I somehow get rid of this?
> 
> Any help appreciated. Also I know that the attribute in the custom
> schema had better been prefixed, but this is an installation running
> since 2004 and "memberOf" is in scripts all over the place, so I'd
> rather not rename it.
> 
> Thanks
> Christian
> 
> 
> nxx.schema
> 
> objectIdentifier NxxRoot 1.3.6.1.4.1.21654
> 
> objectIdentifier NxxLDAP NxxRoot:3
> objectIdentifier NxxLDAPattributeType NxxLDAP:1
> objectIdentifier NxxLDAPobjectClass NxxLDAP:2
> 
> attributetype ( NxxLDAPattributeType:1 NAME 'memberOf'
>         EQUALITY caseExactIA5Match
>         SUBSTR caseExactIA5SubstringsMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> 
> # for password aging
> attributetype ( NxxLDAPattributeType:2 NAME 'lastLogin'
>         DESC 'Stores the last successful login of a user'
>         EQUALITY integerMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> 
> attributetype ( NxxLDAPattributeType:3 NAME 'passwordHistory'
>         DESC 'Stores all password ever used by a user'
>         EQUALITY caseExactIA5Match
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> 
> attributetype ( NxxLDAPattributeType:4 NAME 'loginFailures'
>         DESC 'Stores successives login failures for a user'
>         EQUALITY integerMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> 
> attributetype ( NxxLDAPattributeType:5 NAME 'passwordRecoveryMailAddress'
>         EQUALITY caseExactIA5Match
>         DESC 'Stores mail address for self password recovery'
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> 
> attributetype ( NxxLDAPattributeType:6 NAME 'passwordRecoveryChallenge'
>         DESC 'Stores challenge for self password recovery'
>         EQUALITY caseExactIA5Match
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> 
> objectclass ( NxxLDAPobjectClass:1 NAME 'OssAccount' SUP top AUXILIARY
>         DESC 'Additional attributes for OSS Accounts'
>         MUST uid
> 		MAY ( memberOf $ host $ lastLogin $ passwordHistory $ loginFailures $
> passwordRecoveryMailAddress $ passwordRecoveryChallenge) )
> 
> objectclass ( NxxLDAPobjectClass:2 NAME 'OssHost' SUP top AUXILIARY
>         DESC 'Additional attributes for OSS Accounts'
>         MUST uid
>         MAY ( host ) )
> 
>