On Tuesday 10 June 2008 00:34:02 Ed Greenberg wrote:
Howard Chu wrote:
Aaron Richton wrote:
I added the following to my schema directory:

dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'
  DESC 'User(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  X-ORIGIN 'SUDO' )
This is an LDIF-format schema file, typically for use with FDS/Sun JES/Netscape etc. Why don't you use the sudo.schema provided for OpenLDAP instead?
(or, you can grab it here: http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap/current/... )
[...etc...]
and referenced it in slapd.conf as:

include /etc/openldap/schema/sudoers.schema
This looks like you're mixing a classic config file and a back-config configuration. My guess is you need to include sudoers.schema using back-config.
It's not the correct syntax for either cn=config or slapd.conf. Remember that in 2.3 and earlier, invalid keywords in slapd.conf are silently ignored...
Many good answers, for which I'm thankful...
The problem turns out to be a syntax error, not in the attributes but in the object class:
Resolved by changing
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 ...
to
objectClass ( 1.3.6.1.4.1.15953.9.2.1 ...
But it works because it is ignoring the LDIF parts, and you've broken the LDIF parts to look like a normal OpenLDAP schema definition ... now technically the file is neither ...
Regards, Buchan
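
Added example, not part of the original thread: a small Python check that labels each top-level directive in a schema file as LDIF-style ("dn:", "attributeTypes:", "objectClasses:") or slapd.conf-style ("attributetype (", "objectclass (") and reports a file that mixes the two, which is the state the last reply describes. The function names and the sample file are constructed for illustration; the object class body is left elided as in the thread.

```python
import re

# LDIF-format schema lines are "name: value"; slapd.conf schema directives
# are a bare keyword followed directly by the parenthesised definition.
LDIF_RE = re.compile(r"^(dn|attributeTypes|objectClasses)\s*:", re.I)
CONF_RE = re.compile(r"^(attributetype|objectclass)\s*\(", re.I)

def classify_lines(text):
    """Return [(lineno, style, keyword)] for each top-level directive."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        # Blank lines, comments and continuation lines (leading whitespace)
        # belong to the previous directive in both formats.
        if not line.strip() or line[0] in " \t#":
            continue
        m = LDIF_RE.match(line)
        if m:
            found.append((n, "ldif", m.group(1)))
            continue
        m = CONF_RE.match(line)
        if m:
            found.append((n, "slapd.conf", m.group(1)))
        else:
            found.append((n, "unknown", line.split()[0]))
    return found

def verdict(text):
    """'ldif', 'slapd.conf' or 'unknown' if consistent, else 'mixed'."""
    styles = {style for _, style, _ in classify_lines(text)}
    if not styles:
        return "empty"
    return styles.pop() if len(styles) == 1 else "mixed"

# Constructed sample: the file as it stood after the change in the thread.
SAMPLE = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'
  DESC 'User(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClass ( 1.3.6.1.4.1.15953.9.2.1 ...
"""

if __name__ == "__main__":
    for lineno, style, keyword in classify_lines(SAMPLE):
        print(f"line {lineno}: {keyword} -> {style}")
    print("verdict:", verdict(SAMPLE))
```

Running a check like this before restarting slapd matters most on releases where, as noted above, unrecognised slapd.conf keywords are silently ignored, since the sudo schema can then be missing without any error.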