[openldap-technical] OpenLDAP custom schema [dummy question]
- To: openldap-technical@openldap.org
- Subject: [openldap-technical] OpenLDAP custom schema [dummy question]
- From: Alexandru Ocheana <arhanghel@info.uaic.ro>
- Date: Fri, 31 Mar 2017 22:48:45 +0300
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
Hi all,
My name is Alex and I recently joined this list because I can't find
some straightforward guidelines and nothing seems to work for me. Of
course it is a dummy question and I know you have seen it many times, but I am
sure that I'm missing something very, very simple in fact. If you want,
please help me, because I am a bit lost and I don't know how to move forward.
I am trying to set up an OpenLDAP server on CentOS 7. This is my first
time, so please take it easy on me :))
I will try to reproduce my steps because, this being my first time, errors may
occur at any moment, but I strongly want to learn OpenLDAP.
My goal is to add some custom fields (attributeType) into the LDAP DB. I know
there can be a workaround for this, like adding the data into the inetOrgPerson
schema, but I want a new schema, defined for what I need. Basically this
schema will contain supplementary information about students, like
(ID number, university-assigned number, contact email, address, name
after marriage, etc.).
Here are all the steps I've done (successfully, I believe):
install and configure OpenLDAP from here:
https://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
----
I've tried to create my new schema like this (I have my private IANA OID):
-----------------------------------
info.schema
----
attributetype ( 1.3.6.1.4.1.49565.1.1.1
NAME 'cnp'
DESC 'Cod Numeric Personal'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 1.3.6.1.4.1.49565.1.1.2
NAME 'emailContact'
DESC 'Email for external user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
objectclass (
1.3.6.1.4.1.49565.1.2.1
NAME 'infoVCard'
DESC 'Extra Information Card'
AUXILIARY )
-----------------------------------
* Moved to /tmp/slapd folder and created an info.conf file:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/info.schema
* transformed info.schema to ldif
slaptest -f info.conf -F .
config file testing succeeded
* moved to cn=config/cn=schema and all 5 files are here:
-rw-------. 1 root root 15546 Mar 31 22:15 cn={0}core.ldif
-rw-------. 1 root root 11363 Mar 31 22:15 cn={1}cosine.ldif
-rw-------. 1 root root 6495 Mar 31 22:15 cn={2}nis.ldif
-rw-------. 1 root root 2857 Mar 31 22:15 cn={3}inetorgperson.ldif
-rw-------. 1 root root 890 Mar 31 22:15 cn={4}info.ldif
--------------------------------------------
* edited cn={4}info.ldif like so:
--------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 bc62c5f1
dn: cn=info,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Email for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
-------------------------------------------
* copied info.ldif from /tmp to /etc/openldap/schema/info.ldif
* load info.ldif into OpenLDAP
ldapadd -Y EXTERNAL -H ldapi:/// -f info.ldif
OUTPUT of above command:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=info,cn=schema,cn=config"
------------------------------------
I suppose everything is correct, because my cn={4}info.ldif file now appears at
/etc/openldap/slapd.d/cn=config/cn=schema with the following content:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 a48aaa49
dn: cn={4}info
objectClass: olcSchemaConfig
cn: {4}info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Email for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
structuralObjectClass: olcSchemaConfig
entryUUID: 9d56682a-aa93-1036-9882-31e47bf02dae
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20170331192559Z
entryCSN: 20170331192559.397549Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20170331192559Z
---------------------------------------
Now, up to here everything worked smoothly, but from this step forward
everything turns into a nightmare. How do I add data using this new
schema? I've tried this:
ldapuser.ldif
---
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Alexandru
sn: Ocheana
userPassword: {SSHA}BBxUpzvO93HlFEFPSkexvXA7G06UBYO4
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/alex
## -------------------------
## HERE I BELIEVE IS AN ERROR BUT WHICH IS THE CORRECT WAY TO ADD IT?
## THIS PART IS TO ADD DATA TO THAT NEW SCHEMA
## -------------------------
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: infoVCard
cnp: myCNP
emailContact: otheremail@gmail.com
dn: cn=alex,ou=Group,dc=info,dc=uaic,dc=ro
objectClass: posixGroup
cn: Alex
gidNumber: 2000
memberUid: alex
----
I am trying to add this to OpenLDAP like so:
ldapadd -x -D cn=Manager,dc=info,dc=uaic,dc=ro -W -f ldapuser.ldif
After asking for password I am getting this output:
adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"
adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"
ldap_add: Object class violation (65)
additional info: no structural object class provided
My logic tells me that my infoVCard should somehow be bound to the first set
as inetOrgPerson (I've read about this, but I don't know how to really
achieve it ... I know about SUP, but I am lost at this point).
Can you bring some light into my head, please? What am I missing?
Thank you very much for your time!
Regards,
Alexandru Ocheana
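As an added illustration (not from the original post or the OpenLDAP project), a small Python checker that applies the two schema rules behind the error above: every entry needs a STRUCTURAL objectClass, and every attribute must be permitted by a MUST or MAY of one of the entry's classes. The schema table is a constructed, trimmed model of the standard classes; FIXED models the posted objectclass with the MAY ( cnp $ emailContact ) clause it lacks, and MERGED is the corrected approach of putting all objectClass values on one record (shown with inetOrgPerson and posixAccount; shadowAccount is added the same way).

```python
from collections import defaultdict

# Constructed, trimmed schema table, objectClass -> (kind, MUST, MAY), reduced to this thread's attributes.
SCHEMA = {
    "inetOrgPerson": ("STRUCTURAL", {"cn", "sn"}, {"uid", "userPassword"}),
    "posixAccount": ("AUXILIARY", {"cn", "uid", "uidNumber", "gidNumber",
                                   "homeDirectory"}, {"userPassword", "loginShell"}),
    # infoVCard exactly as posted: AUXILIARY with no MUST/MAY, so it permits no attribute at all
    "infoVCard": ("AUXILIARY", set(), set()),
}
# The same class with the MAY ( cnp $ emailContact ) clause the posted definition lacks
FIXED = dict(SCHEMA, infoVCard=("AUXILIARY", set(), {"cnp", "emailContact"}))

def parse_ldif(text):  # one {attr: [values]} dict per blank-line-separated record
    records = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry[attr].append(value.strip())
        records.append(dict(entry))
    return records

def check_entry(entry, schema=SCHEMA):
    """Return the objectClass violations slapd would report for one record (empty list = OK)."""
    known = [schema[c] for c in entry["objectClass"] if c in schema]
    errors = [f"unknown objectClass '{c}'" for c in entry["objectClass"] if c not in schema]
    if not any(kind == "STRUCTURAL" for kind, _, _ in known):
        errors.append("no structural object class provided")
    allowed = {a for _, must, may in known for a in must | may} | {"dn", "objectClass"}
    errors += [f"attribute '{a}' not allowed" for a in entry if a not in allowed]
    errors += [f"missing required attribute '{a}'" for _, must, _ in known for a in must - set(entry)]
    return errors

# Constructed LDIF: the poster's second record as written, and the corrected single record
POSTED = "dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro\nobjectClass: infoVCard\ncnp: myCNP\nemailContact: otheremail@gmail.com\n"
MERGED = """dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: infoVCard
cn: Alexandru
sn: Ocheana
uid: alex
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/alex
cnp: myCNP
emailContact: otheremail@gmail.com
"""
```

Running check_entry on POSTED reproduces the "no structural object class provided" result from the thread, and on MERGED it only passes once the class actually lists cnp and emailContact in its MAY clause.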