[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error adding schema: empty AttributeDescription

To: Prentice Bisbal <pbisbal@pppl.gov>, openldap-technical@openldap.org
Subject: Re: Error adding schema: empty AttributeDescription
From: Sami <s.aitalioulahcen@cnrst.ma>
Date: Thu, 11 May 2017 11:15:36 +0100
Dkim-filter: OpenDKIM Filter v2.7.1 mta.cnrst.ma 04A3AA29FD
Dkim-filter: OpenDKIM Filter v2.7.1 mta.cnrst.ma 79E21DFBF0
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cnrst.ma; s=selector; t=1494499377; bh=1fXOSbPuRJDzh1PXGI4YTtUPuv6kG42+D5WPtw7uLPk=; h=Subject:To:From:Message-ID:Date:MIME-Version:Content-Type; b=lBCooxRwcdkoaB3K+wvLEZKEZ3m0OpS587Y50bubW9mpjDF7F5alHj57WOMhLYvhC u1mvUELhJfN17JLA5h8Rqq0jabxETckemy+vCAJAetHJUjmeZrIh3AOpUKgvW3PZMr vCDVxmRW4GrRuNRqJwG/WxVmxDqdOHDJ3Q9VFvtk=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cnrst.ma; s=selector; t=1494498849; bh=1fXOSbPuRJDzh1PXGI4YTtUPuv6kG42+D5WPtw7uLPk=; h=Subject:To:From:Message-ID:Date:MIME-Version:Content-Type; b=ZSe3MTeG25SUHki88w73TU8cnGkLGc7mlyGsDh2Pm3e0sBgwFTNt4dZPHwJUueEmY bzHkU9d2jJivc7dTecrxp7byP4I3fdCx92wVKzHCfYpvuQrXp+6qxDnX5SmMJrMNAA DgCMoZfu2Swvtqr9Z+4bxa+cPKqlav5wTMfGj12o=
Dmarc-filter: OpenDMARC Filter v1.3.2 mta.cnrst.ma BF39BA29FC
In-reply-to: <710875e5-51ae-a73d-506a-69dcc527c9ff@pppl.gov>
References: <710875e5-51ae-a73d-506a-69dcc527c9ff@pppl.gov>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

Hello,

The attribute type description, as per RFC2252, requires a space before
the closing parenthesis. It might be what's causing the error.

- -
Sami

On 10/05/2017 22:28, Prentice Bisbal wrote:
> Hello,
>
> I'm in the middle of upgrading our existing LDAP servers to new
> systems running OpenLDAP 2.4.40 on CentOS 6.9. I have over 10 years of
> experience managing LDAP directories in relatively simple
> environments, but this is my first time trying to use the dynamic
> runtime configuration engine.
>
> I'm trying to add all the schemas I need with slapadd before I add a
> dump of the directory from our old servers with slapadd. I need a
> kerberos schema, so I copied the kerberos schema from
> /usr/share/doc/krb5-server-ldap-1.10.3/kerberos.ldif, to
> /etc/openldap/schema and modified it so it could be added with slapadd
> rather than ldapmodify, like all the other files in that directory.
>
> Here's an example of the start of the file after making those changes:
>
> dn: cn=kerberos,cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: kerberos
> olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME
> 'krbPrincipalName'
>                 EQUALITY caseExactIA5Match
>         SUBSTR caseExactSubstringsMatch
>                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
> olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.1
>                 NAME 'krbCanonicalName'
>                 EQUALITY caseExactIA5Match
>                 SUBSTR caseExactSubstringsMatch
>                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>                 SINGLE-VALUE)
>
> olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.3.1
>                 NAME 'krbPrincipalType'
>                 EQUALITY integerMatch
>                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>                 SINGLE-VALUE)
>
>
> When I try to add that file with slapadd. I get this error:
>
> # slapadd  -n0 -F /etc/openldap/slapd.d -l kerberos.ldif
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)): empty
> AttributeDescription
> slapadd: could not parse entry (line=1)
> _#                      6.36% eta   none elapsed            none spd 
> 18.6 M/s
> Closing DB...
>
> Running the same command debugging set to -1, I get the following:
>
>
> 59138493 => str2entry: "dn: cn=kerberos,cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: kerberos
> olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME
> 'krbPrincipalName'
>                 EQUALITY caseExactIA5Match
>         SUBSTR caseExactSubstringsMatch
>                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
> "
> 59138493 >>> dnPrettyNormal: <cn=kerberos,cn=schema,cn=config>
> 59138493 <<< dnPrettyNormal: <cn=kerberos,cn=schema,cn=config>,
> <cn=kerberos,cn=schema,cn=config>
> 59138493 <= str2entry NULL (parse_line)
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)): empty
> AttributeDescription
> slapadd: could not parse entry (line=1)
> 59138493 slapadd shutdown: initiated
> 59138493 slapadd destroy: freeing system resources.
>
> Any ideas what I'm doing wrong? I made similar changes to an autofs
> schema file, and I was able to add that just fine. Do I need to number
> each olcAttributeType entry by putting a number in curly braces ({0},
> {1,}, etc.) at the start of each olcAttributeTypes entry?
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Error adding schema: empty AttributeDescription
  - From: Prentice Bisbal <pbisbal@pppl.gov>

References:
- Error adding schema: empty AttributeDescription
  - From: Prentice Bisbal <pbisbal@pppl.gov>

Prev by Date: Error adding schema: empty AttributeDescription
Next by Date: Re: Antw: overlay ppolicy - atribute pwdhistory
Index(es):
- Chronological
- Thread