Hello,
I'm in the middle of upgrading our existing LDAP servers to new systems running OpenLDAP 2.4.40 on CentOS 6.9. I have over 10 years of experience managing LDAP directories in relatively simple environments, but this is my first time trying to use the dynamic runtime configuration engine.
I'm trying to add all the schemas I need with slapadd before I add a dump of the directory from our old servers with slapadd. I need a kerberos schema, so I copied the kerberos schema from /usr/share/doc/krb5-server-ldap-1.10.3/kerberos.ldif, to /etc/openldap/schema and modified it so it could be added with slapadd rather than ldapmodify, like all the other files in that directory.
Here's an example of the start of the file after making those changes:
dn: cn=kerberos,cn=schema,cn=config objectClass: olcSchemaConfig cn: kerberos olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
When I try to add that file with slapadd. I get this error:
# slapadd -n0 -F /etc/openldap/slapd.d -l kerberos.ldif SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)): empty AttributeDescription slapadd: could not parse entry (line=1) _# 6.36% eta none elapsed none spd 18.6 M/s Closing DB...
Running the same command debugging set to -1, I get the following:
59138493 => str2entry: "dn: cn=kerberos,cn=schema,cn=config objectClass: olcSchemaConfig cn: kerberos olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) " 59138493 >>> dnPrettyNormal: <cn=kerberos,cn=schema,cn=config> 59138493 <<< dnPrettyNormal: <cn=kerberos,cn=schema,cn=config>, <cn=kerberos,cn=schema,cn=config> 59138493 <= str2entry NULL (parse_line) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)): empty AttributeDescription slapadd: could not parse entry (line=1) 59138493 slapadd shutdown: initiated 59138493 slapadd destroy: freeing system resources.
Any ideas what I'm doing wrong? I made similar changes to an autofs schema file, and I was able to add that just fine. Do I need to number each olcAttributeType entry by putting a number in curly braces ({0}, {1,}, etc.) at the start of each olcAttributeTypes entry?