Hi all,
My name is Alex and I recently joined this list because I can't find any straightforward guidelines and nothing seems to work for me. Of course it is a dummy question and I know you have seen it many times, but I am sure that I'm missing something very, very simple. If you want, please help me, because I am a bit lost and I don't know how to move forward.
I am trying to set up an OpenLDAP server on CentOS 7. This is my first time, so please go easy on me :))
I will try to reproduce my steps, because since this is my first time an error may have occurred at any moment, but I strongly want to learn OpenLDAP.
My goal is to add some custom fields (attributeType) into the LDAP DB. I know there can be a workaround for this, like adding the data into the inetOrgPerson schema, but I want a new schema, defined for what I need. Basically this schema will contain supplementary information about students (ID number, university-assigned number, contact email, address, name after marriage, etc.).
Here are all steps I've done (successfully I believe):
installed and configured OpenLDAP following: https://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
----
I've tried to create my new schema like this (I have my private IANA OID):
----------------------------------- info.schema ----
attributetype ( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Email for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
objectclass ( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
-----------------------------------
* Moved to the /tmp/slapd folder and created an info.conf file:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/info.schema
* transformed info.schema to LDIF:
slaptest -f info.conf -F .
config file testing succeeded
* moved to cn=config/cn=schema and all 5 files are here:
-rw-------. 1 root root 15546 Mar 31 22:15 cn={0}core.ldif
-rw-------. 1 root root 11363 Mar 31 22:15 cn={1}cosine.ldif
-rw-------. 1 root root  6495 Mar 31 22:15 cn={2}nis.ldif
-rw-------. 1 root root  2857 Mar 31 22:15 cn={3}inetorgperson.ldif
-rw-------. 1 root root   890 Mar 31 22:15 cn={4}info.ldif
--------------------------------------------
* edited cn={4}info.ldif like so:
--------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 bc62c5f1
dn: cn=info,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Em
 ail for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
-------------------------------------------
* copied info.ldif from /tmp to /etc/openldap/schema/info.ldif
* loaded info.ldif into OpenLDAP:
ldapadd -Y EXTERNAL -H ldapi:/// -f info.ldif
OUTPUT of the above command:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=info,cn=schema,cn=config"
------------------------------------
I suppose everything is correct because my cn={4}info.ldif file now appears at /etc/openldap/slapd.d/cn=config/cn=schema with the following content:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 a48aaa49
dn: cn={4}info
objectClass: olcSchemaConfig
cn: {4}info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Em
 ail for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
structuralObjectClass: olcSchemaConfig
entryUUID: 9d56682a-aa93-1036-9882-31e47bf02dae
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20170331192559Z
entryCSN: 20170331192559.397549Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20170331192559Z
---------------------------------------
Now, up to here everything worked smoothly, but from this step forward everything turns into a nightmare. How do I add data using this new schema? I've tried this:
ldapuser.ldif
---
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Alexandru
sn: Ocheana
userPassword: {SSHA}BBxUpzvO93HlFEFPSkexvXA7G06UBYO4
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/alex

## -------------------------
## HERE I BELIEVE IS AN ERROR BUT WHICH IS THE CORRECT WAY TO ADD IT?
## THIS PART IS TO ADD DATA TO THAT NEW SCHEMA
## -------------------------
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: infoVCard
cnp: myCNP
emailContact: otheremail@gmail.com

dn: cn=alex,ou=Group,dc=info,dc=uaic,dc=ro
objectClass: posixGroup
cn: Alex
gidNumber: 2000
memberUid: alex
----
I am trying to add this to OpenLDAP like so:
ldapadd -x -D cn=Manager,dc=info,dc=uaic,dc=ro -W -f ldapuser.ldif

After asking for the password I am getting this output:

adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"

adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"
ldap_add: Object class violation (65)
        additional info: no structural object class provided
My logic tells me that my infoVCard should somehow be bound to the first set, the inetOrgPerson entry (I've read about this but I don't know how to really achieve it ... I know about SUP but I am lost at this point).
Can you shed some light on this for me, please? What am I missing?
Thank you very much for your time!
Regards, Alexandru Ocheana
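The two schema checks that slapd applies to the posted ldapuser.ldif, reproduced offline by a small pre-flight validator (an added example, not the poster's code and not anything from OpenLDAP): an entry whose only class is the auxiliary infoVCard has no structural class, and even once infoVCard is listed on the inetOrgPerson entry itself, cnp and emailContact are accepted only when the objectclass definition names them in a MAY (or MUST) clause. The schema and LDIF strings are constructed from the post; the kinds of the standard classes are hard-coded rather than read from the real schema files, and their own attribute lists are not modelled.

```python
import re
# Constructed inputs (not from the poster's server): the objectclass as posted, with no MAY clause, and a corrected one.
SCHEMA_POSTED = """attributetype ( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Email for external user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )"""
SCHEMA_FIXED = SCHEMA_POSTED.replace("AUXILIARY )", "AUXILIARY MAY ( cnp $ emailContact ) )")
# Kinds of the standard classes used below (assumption: their own attribute lists are not modelled).
STANDARD = {"inetOrgPerson": "STRUCTURAL"}
# The poster's two blocks for one DN, then the same data folded into a single entry.
LDIF_POSTED = """dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: inetOrgPerson
sn: Ocheana

dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: infoVCard
cnp: myCNP
emailContact: otheremail@gmail.com"""
LDIF_MERGED = LDIF_POSTED.replace("\n\ndn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro\n", "\n")

def parse_schema(text):
    """Return (custom attribute names, {class: (kind, attributes it allows)})."""
    attrs, classes = set(), {n: (k, set()) for n, k in STANDARD.items()}
    for line in text.splitlines():
        name = re.search(r"NAME '(\w+)'", line).group(1)
        if line.startswith("attributetype"):
            attrs.add(name)
        else:
            kind = re.search(r"\b(STRUCTURAL|AUXILIARY)\b", line).group(1)
            allowed = {a.strip() for m in re.finditer(r"(?:MUST|MAY)\s*\(([^)]*)\)", line) for a in m.group(1).split("$")}
            classes[name] = (kind, allowed)
    return attrs, classes

def parse_ldif(text):
    """Split LDIF on blank lines into (dn, {attr: [values]}) tuples."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for key, value in re.findall(r"^(\w+):\s*(.*)$", block, re.M):
            entry.setdefault(key, []).append(value)
        entries.append((entry.pop("dn")[0], entry))
    return entries

def check(ldif_text, schema_text):
    """Yield the violations slapd would raise: no structural class, or an attribute that no listed class allows."""
    custom_attrs, classes = parse_schema(schema_text)
    for dn, attrs in parse_ldif(ldif_text):
        ocs = attrs.get("objectClass", [])
        if not any(classes.get(oc, ("",))[0] == "STRUCTURAL" for oc in ocs):
            yield f"{dn}: no structural object class provided"
        for attr in attrs:
            if attr in custom_attrs and not any(attr in classes.get(oc, ("", ()))[1] for oc in ocs):
                yield f"{dn}: attribute '{attr}' not allowed"
```

Only the combination of LDIF_MERGED (one entry carrying both inetOrgPerson and infoVCard) with SCHEMA_FIXED (MAY clause present) passes cleanly; each of the other three pairings reports at least one violation.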