On Monday, 16 May 2011 17:38:31 pradyumna dash wrote:
Hi,
I am trying to achieve centralizing SUDO, but am facing an issue. I suspect it's something to do with sudoers.schema. Maybe I am wrong. I think somehow the slapd process is not able to read it. Please suggest how to fix the issue.
[...]
t710x02-6:/etc/openldap/schema # ldapadd -f /opt/newsudo.ldif -h 127.0.0.1 -D cn=Manager,dc=example,dc=com -W -x
Enter LDAP Password:
adding new entry "cn=defaults,ou=SUDOers,dc=example,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax

sudoers.ldif
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
#objectClass: top
objectClass: sudoRole
cn: defaults

Please verify that you have actually included the sudoers.schema in your configuration, and that slapd was restarted after that.
You could check that the objectclass exists in your server. In my case:
$ ldapsearch -x -s base -b cn=subschema objectclasses|perl -p0e 's/\n //g' | grep -i sudo
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entries' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) )

Regards,
Buchan
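
The subschema check from the reply above, generalized into a pre-flight script that reports every objectClass an LDIF file uses but the server's subschema does not define. This is an added example, not part of the original thread; the function names, file names and the two sample subschema dumps are constructed for illustration.

```shell
# Added example: list objectClass values in an LDIF that the subschema lacks.
# Join LDIF continuation lines (a leading space continues the previous line).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR) print buf }'
}

# stdin: output of "ldapsearch -x -s base -b cn=subschema objectclasses".
# stdout: defined class names, lowercased; NAME 'a' and NAME ( 'a' 'b' ) forms.
schema_classes() {
    unfold_ldif | awk -v q="'" 'tolower($0) ~ /^objectclasses:/ {
        i = index($0, " NAME "); if (!i) next
        s = substr($0, i + 6)
        multi = (substr(s, 1, 1) == "(")
        if (multi) s = substr(s, 1, index(s, ")"))
        n = split(s, part, q)
        for (k = 2; k <= (multi ? n : 2); k += 2) print tolower(part[k])
    }'
}

# stdin: LDIF to add. stdout: classes it uses; "#objectClass: top" is skipped.
ldif_classes() {
    unfold_ldif | awk -F': *' 'tolower($1) == "objectclass" && $2 != "" {
        print tolower($2) }' | sort -u
}

# $1 = subschema dump, $2 = LDIF file. Prints classes the server lacks.
missing_classes() {
    defined=$(schema_classes < "$1" | tr '\n' ' ')
    ldif_classes < "$2" | awk -v defined="$defined" '
        BEGIN { n = split(defined, d, " "); for (i = 1; i <= n; i++) known[d[i]] = 1 }
        !($0 in known)'
}

# Constructed sample data (hypothetical file names), written to directory $1.
write_samples() {
    printf '%s\n' 'dn: cn=defaults,ou=SUDOers,dc=example,dc=com' \
        '#objectClass: top' 'objectClass: sudoRole' 'cn: defaults' > "$1/new.ldif"
    printf '%s\n' 'dn: cn=Subschema' \
        "objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )" > "$1/before.ldif"
    { cat "$1/before.ldif"; printf '%s\n' \
        "objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudo" \
        " Role' DESC 'Sudoer Entries' SUP top STRUCTURAL MUST cn )"; } > "$1/after.ldif"
}

d=$(mktemp -d) && write_samples "$d"
echo "sudoers.schema not loaded: $(missing_classes "$d/before.ldif" "$d/new.ldif")"
echo "sudoers.schema loaded: $(missing_classes "$d/after.ldif" "$d/new.ldif")"
```

Against a live server, save the ldapsearch output from the reply (without the perl and grep stages) to a file and pass it as the first argument to missing_classes.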