Dear list,
I would like to have a multidomain structure in OpenLDAP. Below is my LDIF, but slapadd reports an error because of the domain misconfiguration. Could anyone kindly help me to fix the problem?
-----------------------------------------------------------------------------
dn: dc=linux,dc=box
ObjectClass: dcObject
dc: linux
structuralObjectClass:dcObject

dn: o=kolkata.in,dc=linux,dc=box
objectClass: domain
o: kolkata.in
structuralObjectClass: domain

dn: ou=adrbook-kol,o=kolkata.in,dc=linux,dc=box
ou: adrbook-kol
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Users,o=kolkata.in,dc=linux,dc=box
ou: Users
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Groups,o=kolkata.in,dc=linux,dc=box
ou: Groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: o=delhi.in,dc=linux,dc=box
objectClass: domain
o: delhi.in
structuralObjectClass: domain

dn: ou=adrbook-del,o=delhi.in,dc=linux,dc=box
ou: adrbook-kol
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Users,o=delhi.in,dc=linux,dc=box
ou: Users
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Groups,o=delhi.in,dc=linux,dc=box
ou: Groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
-----------------------------------------------------------------------------
On Mon, May 14, 2007 at 11:34:38AM +0530, JOYDEEP wrote:
Dear list,
I like to have a multidomain structure in openLDAP. below is my ldif but slapadd reports error because of the domain mis-configuration. could any one kindly help me to fix the problem ?
dn: dc=box
ObjectClass: dcObject
dc: box
structuralObjectClass: dcObject

dn: dc=linux,dc=box
ObjectClass: dcObject
dc: linux
structuralObjectClass:dcObject

dn: o=kolkata.in,dc=linux,dc=box
objectClass: domain
o: kolkata.in
structuralObjectClass: domain

dn: ou=adrbook-kol,o=kolkata.in,dc=linux,dc=box
ou: adrbook-kol
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Users,o=kolkata.in,dc=linux,dc=box
ou: Users
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Groups,o=kolkata.in,dc=linux,dc=box
ou: Groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: o=delhi.in,dc=linux,dc=box
objectClass: domain
o: delhi.in
structuralObjectClass: domain

dn: ou=adrbook-del,o=delhi.in,dc=linux,dc=box
ou: adrbook-kol
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Users,o=delhi.in,dc=linux,dc=box
ou: Users
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=Groups,o=delhi.in,dc=linux,dc=box
ou: Groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
Dmitriy Kirhlarov wrote:
On Mon, May 14, 2007 at 11:34:38AM +0530, JOYDEEP wrote:
Dear list,
I like to have a multidomain structure in openLDAP. below is my ldif but slapadd reports error because of the domain mis-configuration. could any one kindly help me to fix the problem ?
dn: dc=box ObjectClass: dcObject dc: box structuralObjectClass: dcObject
Thanks, but after following the structure you have suggested, the slapadd command reports
--------------------------------------------------------------
str2entry: entry -1 has multiple DNs "dc=box" and "o=kolkata.in,dc=box"
--------------------------------------------------------------
thanks
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
dn: o=kolkata.in,dc=linux,dc=box objectClass: domain o: kolkata.in structuralObjectClass: domain
dn: ou=adrbook-kol,o=kolkata.in,dc=linux,dc=box ou: adrbook-kol objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Users,o=kolkata.in,dc=linux,dc=box ou: Users objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Groups,o=kolkata.in,dc=linux,dc=box ou: Groups objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: o=delhi.in,dc=linux,dc=box objectClass: domain o: delhi.in structuralObjectClass: domain
dn: ou=adrbook-del,o=delhi.in,dc=linux,dc=box ou: adrbook-kol objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Users,o=delhi.in,dc=linux,dc=box ou: Users objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Groups,o=delhi.in,dc=linux,dc=box ou: Groups objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
On 5/14/07, JOYDEEP j.bakshi@unlimitedmail.org wrote:
Dear list,
I like to have a multidomain structure in openLDAP. below is my ldif but slapadd reports error because of the domain mis-configuration. could any one kindly help me to fix the problem ?
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
dn: o=kolkata.in,dc=linux,dc=box objectClass: domain o: kolkata.in structuralObjectClass: domain
dn: ou=adrbook-kol,o=kolkata.in,dc=linux,dc=box ou: adrbook-kol objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Users,o=kolkata.in,dc=linux,dc=box ou: Users objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Groups,o=kolkata.in,dc=linux,dc=box ou: Groups objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: o=delhi.in,dc=linux,dc=box objectClass: domain o: delhi.in structuralObjectClass: domain
dn: ou=adrbook-del,o=delhi.in,dc=linux,dc=box ou: adrbook-kol objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Users,o=delhi.in,dc=linux,dc=box ou: Users objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Groups,o=delhi.in,dc=linux,dc=box ou: Groups objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
You shouldn't need to specify the structuralObjectClass, as it should be implied by the objectClass. What errors do you get from ldapadd?
matthew sporleder writes:
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
eh, dcObject is not a structural object class. This shouldn't work. Each object needs one structural object class in its 'objectClass' attribute, such as 'domain', 'organization' or 'organizationalUnit'. (Stuffing dcObject into structuralObjectClass does not help.)
Thus, the simplest fix for that problem is to replace dcObject with domain everywhere. If you want a 'dc' member in an object with objectClass 'organization' or 'organizationalUnit', you can use 'objectClass: dcObject' _in addition_ to that class.
Hallvard B Furuseth wrote:
matthew sporleder writes:
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
eh, dcObject is not a structural object class. This shouldn't work. Each object needs one structural object class in its 'objectClass' attribute, such as 'domain', 'organization' or 'organizationalUnit'. (Stuffing dcObject into structuralObjectClass does not help.)
Thus, the simplest fix for that problem is to replace dcObject with domain everywhere. If you want a 'dc' member in an object with objectClass 'organization' or 'organizationalUnit', you can use 'objectClass: dcObject' _in addition_ to that class.
OK, but what I would like to implement is like
==================================
dn: dc=digitalrock,dc=de # base dn
1. Domain: dn: o=domain1.com,dc=digitalrock,dc=de
- Accounts 1. Domain: dn: ou=accounts,o=domain1.com,dc=digitalrock,dc=de
- Groups 1. Domain: dn: ou=groups,o=domain1.com,dc=digitalrock,dc=de
2. Domain: dn: o=domain2.com,dc=digitalrock,dc=de
- Accounts 2. Domain: dn: ou=accounts,o=domain2.com,dc=digitalrock,dc=de
- Groups 2. Domain: dn: ou=groups,o=domain2.com,dc=digitalrock,dc=de
==================================
matthew sporleder wrote:
On 5/14/07, JOYDEEP j.bakshi@unlimitedmail.org wrote:
Dear list,
I like to have a multidomain structure in openLDAP. below is my ldif but slapadd reports error because of the domain mis-configuration. could any one kindly help me to fix the problem ?
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
dn: o=kolkata.in,dc=linux,dc=box objectClass: domain o: kolkata.in structuralObjectClass: domain
dn: ou=adrbook-kol,o=kolkata.in,dc=linux,dc=box ou: adrbook-kol objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Users,o=kolkata.in,dc=linux,dc=box ou: Users objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Groups,o=kolkata.in,dc=linux,dc=box ou: Groups objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: o=delhi.in,dc=linux,dc=box objectClass: domain o: delhi.in structuralObjectClass: domain
dn: ou=adrbook-del,o=delhi.in,dc=linux,dc=box ou: adrbook-kol objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Users,o=delhi.in,dc=linux,dc=box ou: Users objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
dn: ou=Groups,o=delhi.in,dc=linux,dc=box ou: Groups objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit
You shouldn't need to specify the structuralObjectClass, as it should be implied by the objectClass. What errors do you get from ldapadd?
I am using slapadd and it reports
----------------------------------------
str2entry: entry -1 has multiple DNs "dc=box" and "o=kolkata.in,dc=box"
----------------------------------------
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
You shouldn't need to specify the structuralObjectClass, as it should be implied by the objectClass. What errors do you get from ldapadd?
I am using slapadd and it reports
str2entry: entry -1 has multiple DNs "dc=box" and "o=kolkata.in,dc=box"
I think I would just start over with something more like this: (from my head -- not tested)
dn: dc=linux,dc=box
objectclass: dcObject
objectclass: organization
o: Linux Box
dc: linux

dn: o=kolkata.in,dc=linux,dc=box
objectclass: organization
o: kolkata.in

dn: o=delhi.in,dc=linux,dc=box
objectclass: organization
o: delhi.in

dn: ou=xxx,o=yyyy,dc=linux,dc=box
objectclass: organizationalunit
ou: xxx
etc.
_Matt
matthew sporleder wrote:
dn: dc=linux,dc=box ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
You shouldn't need to specify the structuralObjectClass, as it should be implied by the objectClass. What errors do you get from ldapadd?
I am using slapadd and it reports
str2entry: entry -1 has multiple DNs "dc=box" and "o=kolkata.in,dc=box"
I think I would just start over with something more like this: (from my head -- not tested)
Thanks; this config is working now :-) It seems the previous config had some problem. Thanks once again.

dn: dc=linux,dc=box
objectclass: dcObject
objectclass: organization
o: Linux Box
dc: linux

dn: o=kolkata.in,dc=linux,dc=box
objectclass: organization
o: kolkata.in

dn: o=delhi.in,dc=linux,dc=box
objectclass: organization
o: delhi.in

dn: ou=xxx,o=yyyy,dc=linux,dc=box
objectclass: organizationalunit
ou: xxx
etc.
_Matt
JOYDEEP writes:
I like to have a multidomain structure in openLDAP. below is my ldif but slapadd reports error because of the domain mis-configuration.
No it doesn't, because it doesn't know what domains are. Please report the exact error message when asking for help (or reporting bugs for that matter). Anyway, looking at your LDIF file I see several problems:
dn: dc=linux,dc=box
Strange name, I don't think your DNS domain is linux.box. Maybe you should have 'dn: o=linux-box' or something instead, with objectClass: organization. Not that it matters to LDAP.
ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
You don't need structuralObjectClass, though with slapadd it doesn't hurt either. You can't add it with ldapadd though.
(space)
Remove the space on the blank line after the dc=linux entry. I don't remember if OpenLDAP works it in this case, but spaces are significant.
dn: o=kolkata.in,dc=linux,dc=box objectClass: domain o: kolkata.in
The 'domain' object class requires the 'dc' (domainComponent) attribute, see the 'MUST' clause in its definition in schema/cosine.schema.
You can use objectClass: organization instead. Note that 'o' means organizationalName - is the organization name actually a domain name (with .in)?
Alternatively, maybe it should be something like

dn: dc=in,o=linux-box
dc: in
objectClass: dcObject

dn: dc=kolkata,dc=in,o=linux-box
dc: kolkata
objectClass: dcObject

The same goes for o=delhi.in,dc=linux,dc=box.
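
Added example (not part of the original thread and not OpenLDAP code): a small Python pre-check for the three problems raised above, namely a separator line that holds a space, an entry with no structural objectClass, and 'domain' without 'dc'. The names lint_ldif, STRUCTURAL_MUST and SAMPLE are hypothetical, the sample is constructed from the entries posted in the thread, and the check assumes a line holding only a space is read as a continuation rather than an entry separator, which is consistent with the "multiple DNs" error reported.

```python
# Structural classes named in the thread and one attribute each one's schema
# marks MUST (domain: dc, organization: o, organizationalUnit: ou).
STRUCTURAL_MUST = {"domain": "dc", "organization": "o", "organizationalunit": "ou"}

# Constructed sample modelled on the LDIF in the thread; line 4 holds one space.
SAMPLE = (
    "dn: dc=linux,dc=box\nobjectClass: dcObject\ndc: linux\n"
    " \n"
    "dn: o=kolkata.in,dc=linux,dc=box\nobjectClass: domain\no: kolkata.in\n"
    "\n"
    "dn: ou=Users,o=kolkata.in,dc=linux,dc=box\nobjectClass: top\n"
    "objectClass: organizationalUnit\nou: Users\n"
)

def lint_ldif(text):
    """Return sorted (line_number, message) findings for an LDIF string."""
    findings, entry, start = [], [], 0

    def close_entry():
        # Check the collected entry against the rules above, then reset it.
        attrs = {}
        for name, value in entry:
            attrs.setdefault(name, []).append(value)
        if entry:
            dn = attrs.get("dn", ["?"])[0]
            classes = [c.lower() for c in attrs.get("objectclass", [])]
            structural = [c for c in classes if c in STRUCTURAL_MUST]
            if not structural:
                findings.append((start, f"{dn}: no structural objectClass"))
            for c in structural:
                if STRUCTURAL_MUST[c] not in attrs:
                    findings.append((start, f"{dn}: '{c}' requires '{STRUCTURAL_MUST[c]}'"))
        entry.clear()

    for n, line in enumerate(text.split("\n"), 1):
        if line == "":
            close_entry()          # only a truly empty line separates entries
        elif line.strip() == "":
            findings.append((n, "whitespace-only line does not end the entry"))
        elif line.startswith("#"):
            continue               # LDIF comment line
        elif line[0] == " " and entry:
            entry[-1] = (entry[-1][0], entry[-1][1] + line[1:])  # folded line
        else:
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn" and entry:
                findings.append((n, f"multiple DNs in one entry: {value.strip()}"))
                close_entry()      # keep linting the second entry on its own
            if not entry:
                start = n
            entry.append((name.strip().lower(), value.strip()))
    close_entry()
    return sorted(findings)
```

Running lint_ldif(SAMPLE) reports findings on lines 1, 4 and 5; an LDIF shaped like the "start over" suggestion earlier in the thread (dcObject plus organization at the base, organization for each o= entry) comes back with no findings.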
Hallvard B Furuseth wrote:
JOYDEEP writes:
I like to have a multidomain structure in openLDAP. below is my ldif but slapadd reports error because of the domain mis-configuration.
No it doesn't, because it doesn't know what domains are. Please report the exact error message when asking for help (or reporting bugs for that matter). Anyway, looking at your LDIF file I see several problems:
Thanks, here is the error I can see
===============================
str2entry: entry -1 has multiple DNs "dc=box" and "o=kolkata.in,dc=box"
===============================
dn: dc=linux,dc=box
Strange name, I don't think your DNS domain is linux.box. Maybe you should have 'dn: o=linux-box' or something instead, with objectClass: organization. Not that it matters to LDAP.
ObjectClass: dcObject dc: linux structuralObjectClass:dcObject
You don't need structuralObjectClass, though with slapadd it doesn't hurt either. You can't add it with ldapadd though.
(space)
Remove the space on the blank line after the dc=linux entry. I don't remember if OpenLDAP works it in this case, but spaces are significant.
dn: o=kolkata.in,dc=linux,dc=box objectClass: domain o: kolkata.in
The 'domain' object class requires the 'dc' (domainComponent) attribute, see the 'MUST' clause in its definition in schema/cosine.schema.
You can use objectClass: organization instead. Note that 'o' means organizationalName - is the organization name actually a domain name (with .in)?
Alternatively, maybe it should be something like

dn: dc=in,o=linux-box
dc: in
objectClass: dcObject

dn: dc=kolkata,dc=in,o=linux-box
dc: kolkata
objectClass: dcObject

The same goes for o=delhi.in,dc=linux,dc=box.
openldap-software@openldap.org