Good afternoon,
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
# slapadd -v -F /etc/openldap/slapd.d -l slapcat.out
str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=1)
I've turned up debugging which gives no further information (that I'm able to interpret as errors). I did see a message from a web search which indicated that I might not have the proper schemas loaded, so I generated another slapd.d after adding the following schemas:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/calendar.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/cron.schema
include /etc/openldap/schema/dhcp.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/evolutionperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/kerberosobject.schema
include /etc/openldap/schema/kolab.schema
include /etc/openldap/schema/krb5-kdc.schema
include /etc/openldap/schema/ldapns.schema
include /etc/openldap/schema/misc.schema
...so I believe I have the appropriate schemas loaded for this to work.
(I didn't see any information in the OpenLDAP admin guide which documents this issue.)
Any ideas as to why this might be occurring or tips on troubleshooting?
TIA,
--On January 9, 2008 2:10:43 PM -0800 Josh Miller joshua@itsecureadmin.com wrote:
Good afternoon,
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
Any ideas as to why this might be occurring or tips on troubleshooting?
Do you get the same issue using a slapd.conf file for 2.4.7?
What are the first 4 lines of your LDIF file?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Josh Miller wrote:
Good afternoon,
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
# slapadd -v -F /etc/openldap/slapd.d -l slapcat.out
str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=1)
I've turned up debugging which gives no further information (that I'm able to interpret as errors). I did see a message from a web search which indicated that I might not have the proper schemas loaded, so I generated another slapd.d after adding the following schemas:
(I didn't see any information in the OpenLDAP admin guide which documents this issue.)
Any ideas as to why this might be occurring or tips on troubleshooting?
It would probably help if you posted what values for objectClass you're trying to load in that particular entry.
Quanah Gibson-Mount wrote:
--On January 9, 2008 2:10:43 PM -0800 Josh Miller joshua@itsecureadmin.com wrote:
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
Do you get the same issue using a slapd.conf file for 2.4.7?
What are the first 4 lines of your LDIF file?
The first object in the LDIF is:
dn: dc=example,dc=org
dc: example
objectClass: top
objectClass: domain
structuralObjectClass: domain
creatorsName: cn=manager,dc=example,dc=org
createTimestamp: 20041123223958Z
modifiersName: cn=manager,dc=example,dc=org
modifyTimestamp: 20041123223958Z
entryUUID: 2d58e2e8-7b0d-102b-85a3-4f7ba9469bfa
entryCSN: 20070409174039Z#000000#00#000000
contextCSN: 20080108211429Z#000000#00#000000
I have not yet tried it with a slapd.conf file, I will try that tomorrow.
I did try to remove the directory dependent items (creator, Timestamp, CSN, UUID) and start the server and perform an ldapadd with some success, but I was only able to ldapadd the dcobject and ou objects -- (I'm troubleshooting another error with that).
TIA,
Josh Miller
Ditree Consulting
http://ditree.com/
Joshua Miller wrote:
Quanah Gibson-Mount wrote:
--On January 9, 2008 2:10:43 PM -0800 Josh Miller joshua@itsecureadmin.com wrote:
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
Do you get the same issue using a slapd.conf file for 2.4.7?
What are the first 4 lines of your LDIF file?
The first object in the LDIF is:
dn: dc=example,dc=org
dc: example
objectClass: top
objectClass: domain
Are you sure you loaded the schema containing declaration of object class 'domain'?
Ciao, Michael.
Quanah Gibson-Mount wrote:
--On January 9, 2008 2:10:43 PM -0800 Josh Miller joshua@itsecureadmin.com wrote:
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
Do you get the same issue using a slapd.conf file for 2.4.7?
I have tried it with the configuration file, slapd.conf with a little more success, although still a failure.
# slapadd -l portseattle.ldif.backup
bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/openldap-data: (2).
Expect poor performance for suffix "dc=example,dc=org".
<= str2entry: str2ad(pwdHistory): attribute type undefined
slapadd: could not parse entry (line=79)
(line 79 starts a posixAccount user object which contains two pwdHistory attributes/values)
Isn't the pwdHistory attribute an internal attribute? I see that it's included in the ppolicy schema file but commented out which reflects my production system running version 2.3.34 where this data was taken using slapcat. I do have the ppolicy schema loaded.
TIA,
Michael Ströder wrote:
Joshua Miller wrote:
Quanah Gibson-Mount wrote:
--On January 9, 2008 2:10:43 PM -0800 Josh Miller joshua@itsecureadmin.com wrote:
I'm testing OpenLDAP 2.4.7 in a lab and trying to import my production data using slapcat/slapadd. Whenever I try to import the data into the newly created database, I get the following error:
The first object in the LDIF is:
dn: dc=example,dc=org
dc: example
objectClass: top
objectClass: domain
Are you sure you loaded the schema containing declaration of object class 'domain'?
I think this is the key, I suppose I assumed that when I converted the slapd.conf to slapd.d that it would add the schemas to cn=schema,cn=config by default. Searching the DIT returns no results related to a domain objectclass:
# ldapsearch -x -H ldap://localhost/ -D "cn=config" -b 'cn=schema,cn=config' -W | grep domain
Enter LDAP Password:
 r uniquely identifying a user in an administrative domain' EQUALITY integerMa
 r uniquely identifying a group in an administrative domain' EQUALITY integerM
olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompone
 nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBST
 SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBST
I was able to add some schemas to the directory, and now I get the same error that I get when using the slapd.conf file:
# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/cosine.ldif
Enter LDAP Password:
adding new entry "cn=cosine,cn=schema,cn=config"

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/inetorgperson.ldif
Enter LDAP Password:
adding new entry "cn=inetorgperson,cn=schema,cn=config"

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/nis.ldif
Enter LDAP Password:
adding new entry "cn=nis,cn=schema,cn=config"

# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/openldap.ldif
Enter LDAP Password:
adding new entry "cn=openldap,cn=schema,cn=config"
# slapadd -F slapd.d -l directory.ldif.backup
<= str2entry: str2ad(pwdHistory): attribute type undefined
slapadd: could not parse entry (line=79)
It fails on pwdHistory which is not defined in any schemas (although commented out in ppolicy)??
TIA,
Josh Miller wrote:
Michael Ströder wrote:
Are you sure you loaded the schema containing declaration of object class 'domain'?
I think this is the key, I suppose I assumed that when I converted the slapd.conf to slapd.d that it would add the schemas to cn=schema,cn=config by default.
Yes, it does. But slapd.conf would have to import file cosine.schema at that time.
# ldapadd -x -H ldap://localhost/ -D "cn=config" -W -f schema/archive/cosine.ldif
Enter LDAP Password:
adding new entry "cn=cosine,cn=schema,cn=config"
Yes, object class 'domain' is defined therein.
It fails on pwdHistory which is not defined in any schemas (although commented out in ppolicy)??
You have to load overlay slapo-ppolicy because attribute type 'pwdHistory' is hard-coded therein.
Ciao, Michael.
Michael Ströder wrote:
Joshua Miller wrote:
It fails on pwdHistory which is not defined in any schemas (although commented out in ppolicy)??
You have to load overlay slapo-ppolicy because attribute type 'pwdHistory' is hard-coded therein.
Ciao, Michael.
Ok, I had to remove my slapd.d directory and re-generate the config from my slapd.conf file. I then saw that the ppolicy information was included and I was able to get past this.
Thanks for your help,
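
A pre-flight check for the two failures discussed in this thread (object class 'domain' not loaded, then attribute type 'pwdHistory' undefined), added here as an example and not code from any poster or from the OpenLDAP project: it compares the names used in a slapcat export with the names declared in a cn=schema,cn=config LDIF dump. The function names, the BUILTIN set and both sample inputs are constructed assumptions.

```python
import re

# Names compiled into slapd, not loaded from schema files (constructed, partial).
BUILTIN = {"objectclass", "top", "structuralobjectclass", "creatorsname",
           "createtimestamp", "modifiersname", "modifytimestamp", "entryuuid",
           "entrycsn", "contextcsn"}
DEF_RE = re.compile(r"(?m)^olc(?:AttributeTypes|ObjectClasses):.*?NAME\s+('[^']+'|\([^)]*\))")

def unfold(ldif):  # join LDIF continuation lines (newline + one space)
    return re.sub(r"\r?\n ", "", ldif)

def defined_names(schema_ldif):
    """Lower-cased names declared in a cn=schema,cn=config LDIF dump."""
    return {n.lower() for body in DEF_RE.findall(unfold(schema_ldif))
            for n in re.findall(r"'([^']+)'", body)}

def undefined_in(data_ldif, known):
    """Map each undeclared attribute type or objectClass value to the first DN using it."""
    missing, dn = {}, None
    for line in unfold(data_ldif).splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        attr, value = line.split(":", 1)
        attr, value = attr.split(";")[0].lower(), value.strip()
        if attr == "dn":
            dn = value
            continue
        for name in [attr] + ([value.lower()] if attr == "objectclass" else []):
            if name not in known:
                missing.setdefault(name, dn)
    return missing

# Constructed samples: a schema dump without cosine or ppolicy, and two entries.
SCHEMA = """dn: cn=core,cn=schema,cn=config
olcAttributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompone
 nt' ) DESC 'RFC1274/2247: domain component' )
olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
olcObjectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST cn )
"""
DATA = """dn: dc=example,dc=org
dc: example
objectClass: top
objectClass: domain

dn: cn=jdoe,dc=example,dc=org
objectClass: person
cn: jdoe
pwdHistory: constructed-value
"""
```

Calling undefined_in(DATA, defined_names(SCHEMA) | BUILTIN) reports 'domain' and 'pwdhistory' with the DN of the first entry that uses each. Names supplied by a loaded overlay, such as pwdHistory from slapo-ppolicy as noted in the thread, have to be added to the known set by hand.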
openldap-software@openldap.org