Right you are. Thank you. There really is no predicting what will happen to your data when you work outside the spec.
I've changed it by moving my data into a file which now looks like this:

    dn: cn=newgrou1,ou=Groups,dc=moores,dc=ca
    changetype: modify
    add: memberUid
    memberUid: newuser1
    add: member
    member: uid=newuser1,ou=People,dc=moores,dc=ca

Then I run ldapmodify like this:
/usr/bin/ldapmodify -v -y /etc/ldap.secret -D cn=admin,dc=moores,dc=ca -xH ldap://localhost -f ~/test.ldif
Now my reply is this:

    ldap_initialize( ldap://localhost:389/??base )
    ldapmodify: wrong attributeType at line 5, entry "cn=newgrou1,ou=Groups,dc=moores,dc=ca"

Fingering my user and group reveals the following. (Note the existing member entry is from manually creating it via a GUI):

    root@bison:~/ldapscripts.bkp# ldapfinger -g newgrou1
    dn: cn=newgrou1,ou=Groups,dc=moores,dc=ca
    objectClass: groupOfNames
    objectClass: posixGroup
    gidNumber: 65535
    member: uid=test,dc=ca
    description: Group account
    cn: newgrou1

    root@bison:~/ldapscripts.bkp# ldapfinger newuser1
    dn: uid=newuser1,ou=People,dc=moores,dc=ca
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: shadowAccount
    objectClass: posixAccount
    cn: newuser1
    sn: newsn
    uid: newuser1
    uidNumber: 65535
    gidNumber: 100
    homeDirectory: /home/newuser1
    loginShell: /bin/bash
    gecos: newuser1
    description: User account
    title: test

Any more pointers?
thanks, darryl
Hallvard B Furuseth wrote:
Darryl Moore writes:
It's not a different DN. It is the value of the 'member' attribute.
I don't believe they do need to have LF separators between attributes.
Your belief is wrong. Read - and believe - 'man ldif'. Or read - and believe - the output from ldapmodify. It told you it modified the entry named "cn=newgrou1,ou=Groups,dc=moores,dc=ca changetype: modify add: memberUid memberUid: newuser1 replace: member member: uid=newuser1,ou=People,dc=moores,dc=ca" All of that is the DN it used.
The data I am feeding into ldapmodify was the same data I extracted from a slightly modified version of the ldapaddusertogroup script. So this is how that script does it also.
So your extraction script is broken, maybe it did echo `something` instead of echo "`something`". Or your cut&paste from the extraction is broken.
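
Added example, not written by anyone in this thread: a small pre-flight check for a single LDIF modify record, which flags both failures discussed above (directives run together on the dn: line, and a second add: block that starts before the previous one is closed). The helper name lint_modify is hypothetical, the samples are constructed from the LDIF posted above, and the check assumes the RFC 2849 rule that each add/delete/replace block is closed by a line containing only "-".

```python
import re

# Constructed samples: the record as posted, the same record with its
# newlines lost, and a form with "-" closing each add: block.
POSTED = """\
dn: cn=newgrou1,ou=Groups,dc=moores,dc=ca
changetype: modify
add: memberUid
memberUid: newuser1
add: member
member: uid=newuser1,ou=People,dc=moores,dc=ca
"""
FLATTENED = " ".join(POSTED.split("\n")).strip() + "\n"
FIXED = POSTED.replace("add: member\n", "-\nadd: member\n") + "-\n"

KEYWORDS = ("add", "delete", "replace")
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*):")

def lint_modify(ldif):
    """Return (line_number, message) problems for one modify record.
    Folded (continuation) lines and multi-record files are not handled."""
    problems = []
    current = None  # attribute named by the open add/delete/replace block
    for n, line in enumerate(ldif.splitlines(), 1):
        if n == 1:
            if not line.startswith("dn:"):
                problems.append((n, "record must start with dn:"))
            elif re.search(r"\s(changetype|add|delete|replace):\s", line):
                problems.append((n, "directives inside the dn: value; newlines lost?"))
            continue
        if line.startswith("changetype:"):
            continue
        if line == "-":          # closes the current block
            current = None
            continue
        m = ATTR_LINE.match(line)
        if not m:
            problems.append((n, "not an 'attribute: value' line"))
            continue
        name, value = m.group(1), line.split(":", 1)[1].strip()
        if current is None and name not in KEYWORDS:
            problems.append((n, "expected add:, delete: or replace:"))
        elif current is not None and name.lower() != current.lower():
            problems.append((n, f"wrong attributeType {name!r}, expected "
                                f"{current!r}; missing '-' line?"))
        if name in KEYWORDS:     # a keyword line always opens a new block
            current = value
    return problems
```

On the posted record the check reports line 5, the same line ldapmodify complained about.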