Klaus Heinrich Kiwi wrote:
On Tue, 2008-09-16 at 22:01 +0200, Michael Ströder wrote:
[root@pam ~]# ldapmodify -H ldap://host -D cn=root -w passwd -x -ZZ
-a -f /usr/share/doc/krb5-server-ldap-1.6.2/kerberos.ldif
ldapmodify: invalid format (line 5) entry: "cn=schema"
You should provide the relevant excerpt of the LDIF file.
It's the regular MIT-Kerberos Schema that comes with krb5-server-ldap: http://anonsvn.mit.edu/cgi-bin/viewcvs.cgi/*checkout*/trunk/src/plugins/kdb/...
The file might not fully comply with RFC 2849 (LDIF).
Looks like the client doesn't count the commented lines in the above error message, so I'm assuming the problematic lines to be:
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
I must note that I can correctly import the above LDIF using IBM Server (ITDS 6.1) 'ldapmodify'.
Depends on how liberal the LDIF parser is. I'd clean up the file above:
- remove the comments
- clean-up line continuations
- separate each record by a *single* empty line
- watch out which line-endings are used
Ciao, Michael.
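
A small checker for the cleanup points listed in the reply above (comments, line continuations, record separators, line endings), as an added example that is not part of the thread. The function name `lint_ldif` and the sample input are constructed for illustration; findings use physical line numbers, so they can be matched against the file directly.

```python
import re

# Attribute description followed by ':' (also covers '::' base64 and ':<' URL forms).
ATTR_LINE = re.compile(rb"^[A-Za-z0-9][A-Za-z0-9.;-]*:")

def lint_ldif(data: bytes):
    """Return (physical_line_number, finding) pairs; line 0 means the whole file."""
    findings = []
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf
    if crlf and lf:
        findings.append((0, "mixed LF and CRLF line endings"))
    elif crlf:
        findings.append((0, "CRLF line endings"))
    prev_blank = can_continue = False
    for no, line in enumerate(data.splitlines(), start=1):
        if line == b"":
            if prev_blank:
                findings.append((no, "extra empty line between records"))
            prev_blank, can_continue = True, False
            continue
        if not line.strip():
            # Looks empty in an editor but is not a record separator.
            findings.append((no, "whitespace-only line, not an empty separator"))
        elif line.startswith(b"#"):
            findings.append((no, "comment line"))
        elif line.startswith(b" "):
            kind = "line continuation" if can_continue else "continuation with nothing to continue"
            findings.append((no, kind))
        elif line != b"-" and not ATTR_LINE.match(line):
            findings.append((no, "not an 'attribute: value' line"))
        prev_blank, can_continue = False, True
    return findings

# Constructed sample built around the excerpt quoted in the thread.
SAMPLE = (
    b"# schema for Kerberos\n"
    b"\n"
    b"\n"
    b"dn: cn=schema\r\n"
    b"changetype: modify\n"
    b"add: attributetypes\n"
    b"attributetypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName'\n"
    b" EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch\n"
    b" SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)\n"
)

if __name__ == "__main__":
    for no, msg in lint_ldif(SAMPLE):
        print(f"line {no}: {msg}")
```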