Perhaps try man slapo_ppolicy - it should hopefully provide the limits and acceptable values and compare with your ldif to find the cause of "Error description: An invalid attribute value was specified."
Alternative: reduce the number of attributes (divide and conquer) to find the culprit.
Perhaps also checking the schema file for the limits or acceptable values.
- chris
Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message ----- From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: Chris Jacobs Cc: 'openldap-technical@openldap.org' openldap-technical@openldap.org Sent: Thu Jan 13 00:11:17 2011 Subject: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
13.01.2011 12:59, Chris Jacobs пишет:
That appears to be the point.
See: http://www.openldap.org/software/man.cgi?query=ppolicy&apropos=0&sek... ... No results.
Also look for the ppolicy in: http://www.openldap.org/doc/admin23/schema.html#Distributed%20Schema%20Files ... It's not there.
Where did you get the schema and the libraries necessary?
The ppolicy schema is provided by openldap-servers-2.3.43-12.el5_5.3.x86_64 RPM.
The overlays are provided by openldap-servers-overlays-2.3.43-12.el5_5.3 RPM.
The directives
modulepath /usr/lib64/openldap moduleload ppolicy.la overlay ppolicy ppolicy_default "cn=default,ou=Policies,dc=example,dc=com"
do not cause slaptest's protests.
FWIW: the password policy and MUCH more reliable syncing between servers is why we upgraded in my shop (turned off the old 2.3 master last week after finally overcoming last hurdles: solaris and use by other custom systems.)
The 2.3.* is the current version available from CentOS standard repositories.
Switching to 2.4.* (welcome, endless sequences of configure/make/make install) will only be the last resort if anything else fails. So far, the mentioned OpenLDAP works fine on both master and slave servers.
So, returning to the original question, is it possible to find why adding a dn fails? What's wrong with the syntax?
Sincerely, Konstantin
- chris
Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message ----- From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: Quanah Gibson-Mount quanah@zimbra.com Cc: openldap-technical@openldap.org openldap-technical@openldap.org Sent: Wed Jan 12 23:38:54 2011 Subject: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
13.01.2011 11:55, Quanah Gibson-Mount пишет:
--On January 13, 2011 11:42:29 AM +0600 Konstantin Boyandin temmokan@gmail.com wrote:
Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in
http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
I would suggest you compare the version you are running (2.3) with the version that the document you are reading uses (2.4). There is an obvious difference there, and it is a major one. I suggest you run a current supported release of OpenLDAP that matches the documentation you are using.
Thanks. I opened the 2.3 admin link instead: http://www.openldap.org/doc/admin23/ and it has no overlays section at all. That's weird, since I am using replication feature and there's a directive
overlay syncprov
in /etc/openldap/slapd.conf
How can I find the reasons for 'Invalid syntax' error in such a situation? Thanks.
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.