Jimmy Royer wrote:
Hello,
I am starting out with openldap and I don't know it that much. I got the error mentioned in the title when trying to add an object class, which is apparently a very common one per my google searches. I've read that common causes are:
- extraneous white space (especially trailing white space)
- improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode)
- empty values (few syntaxes allow empty values)
This is the object class file I am trying to add, I picked it as an example on some website, to have something minimal and make it easier to test:
# cat exObjectClasses.ldif
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 2.16.840.1.113730.3.2.2.9
 NAME 'blogger'
 DESC 'Someone who has a blog'
 SUP inetOrgPerson STRUCTURAL
 MAY blog )
I've checked if there were any trailing spaces at the end with the following:
# cat -vte exObjectClasses.ldif
dn: cn=schema$
changetype: modify$
add: objectClasses$
objectClasses: ( 2.16.840.1.113730.3.2.2.9$
 NAME 'blogger'$
 DESC 'Someone who has a blog'$
 SUP inetOrgPerson STRUCTURAL$
 MAY blog )$
I've made sure the file is UTF-8:
# iconv -f ASCII -t UTF-8 exObjectClasses.ldif > exObjectClasses.ldif.utf8
Redundant. 7-bit ASCII is already valid UTF-8. And if you had any stray 8-bit ASCII characters in there, they obviously would be erroneous and should be deleted, not converted to UTF-8.
Most likely you trimmed too many spaces. Read the ldif(5) manpage.
Also, cn=schema is not a user modifiable entry in OpenLDAP. If you want to add new schema you must add it to cn=schema,cn=config.
Seems like, given that you haven't mentioned cn=config, you're probably using a pretty old version of OpenLDAP as well.
And I don't think there are any empty values defined in the LDIF file. So when I type this command, I still have the "invalid per syntax" error:
# ldapmodify -x -W -H "ldaps://127.0.0.1" -D cn=Manager,dc=modelsolv,dc=com -f exObjectClasses.ldif
Enter LDAP Password:
modifying entry "cn=schema"
ldap_modify: Invalid syntax (21)
additional info: objectClasses: value #0 invalid per syntax
I was able to add a few entries in LDAP so far. So I know I am able to reach the server, the connection is fine, and LDAP is somewhat functional. But I can't modify the schema with objectclasses.
Is there anything obvious that I am doing wrong? Do you have any recommendation for debugging further?
Regards, Jimmy Royer
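
Added example, not part of the original thread: a small Python check that unfolds an LDIF file by the ldif(5) rule and reports schema keywords that end up glued to the previous token, which is what the "trimmed too many spaces" diagnosis points at. It assumes each continuation line of the posted file begins with exactly one space; the function names and the keyword heuristic are illustrative.

```python
import re

# Constructed sample: the object class from the post, with every continuation
# line starting with exactly one space (an assumption about the original file).
SAMPLE = (
    "dn: cn=schema\n"
    "changetype: modify\n"
    "add: objectClasses\n"
    "objectClasses: ( 2.16.840.1.113730.3.2.2.9\n"
    " NAME 'blogger'\n"
    " DESC 'Someone who has a blog'\n"
    " SUP inetOrgPerson STRUCTURAL\n"
    " MAY blog )\n"
)
# Same file with one extra space per continuation line, so that one space
# survives unfolding and keeps the tokens apart.
FIXED = SAMPLE.replace("\n ", "\n  ")

SCHEMA_ATTRS = {"objectclasses", "attributetypes",
                "olcobjectclasses", "olcattributetypes"}
KEYWORDS = "NAME|DESC|OBSOLETE|SUP|ABSTRACT|STRUCTURAL|AUXILIARY|MUST|MAY"
# A keyword glued to the preceding token (anything but whitespace or "(").
FUSED = re.compile(r"(?<=[^\s(])(?:%s)\b" % KEYWORDS)


def unfold(ldif_text):
    """Join folded lines as ldif(5) specifies: a line that starts with a
    space continues the previous one, and only that one space is dropped."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def fused_keywords(ldif_text):
    """Return schema keywords that unfolding glued onto the previous token."""
    hits = []
    for line in unfold(ldif_text):
        attr, _, value = line.partition(":")
        if attr.strip().lower() in SCHEMA_ATTRS:
            bare = re.sub(r"'[^']*'", "''", value)  # ignore quoted strings
            hits.extend(FUSED.findall(bare))
    return hits


if __name__ == "__main__":
    print(unfold(SAMPLE)[3])       # value as the server receives it
    print(fused_keywords(SAMPLE))  # keywords glued to their neighbour
    print(fused_keywords(FIXED))   # nothing fused after re-indenting
```

A file that passes this check still has to be applied under cn=schema,cn=config rather than cn=schema, as the reply points out.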