This is the version of OpenLDAP I use:
# /usr/sbin/slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Aug 8 2012 16:29:21) $
mockbuild@c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
I followed an LDAP installation walkthrough for CentOS 6.3. It did not mention the slapd.conf. I copied the slapd.conf manually from an installation directory after some googling, because I needed to configure the rootdn and rootpw values. It worked and I assumed it was OK. But I guess I should configure these values elsewhere and get rid of slapd.conf?
On Thu, Feb 28, 2013 at 10:24 AM, Howard Chu hyc@symas.com wrote:
Jimmy Royer wrote:
Hello,
I am starting out with OpenLDAP and I don't know it that much. I got the error mentioned in the title when trying to add an object class, which is apparently a very common one per my Google searches. I've read that common causes are:
- extraneous white space (especially trailing white space)
- improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode)
- empty values (few syntaxes allow empty values)
This is the object class file I am trying to add. I picked it as an example on some website, to have something minimal and make it easier to test:
# cat exObjectClasses.ldif
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 2.16.840.1.113730.3.2.2.9
 NAME 'blogger'
 DESC 'Someone who has a blog'
 SUP inetOrgPerson STRUCTURAL
 MAY blog )
I've checked if there were any trailing spaces at the end with the following:
# cat -vte exObjectClasses.ldif
dn: cn=schema$
changetype: modify$
add: objectClasses$
objectClasses: ( 2.16.840.1.113730.3.2.2.9$
 NAME 'blogger'$
 DESC 'Someone who has a blog'$
 SUP inetOrgPerson STRUCTURAL$
 MAY blog )$
I've made sure the file is UTF-8:
# iconv -f ASCII -t UTF-8 exObjectClasses.ldif > exObjectClasses.ldif.utf8
Redundant. 7-bit ASCII is already valid UTF-8. And if you had any stray 8-bit ASCII characters in there, they obviously would be erroneous and should be deleted, not converted to UTF-8.
Most likely you trimmed too many spaces. Read the ldif(5) manpage.
Also, cn=schema is not a user modifiable entry in OpenLDAP. If you want to add new schema you must add it to cn=schema,cn=config.
Seems like, given that you haven't mentioned cn=config, you're probably using a pretty old version of OpenLDAP as well.
And I don't think there are any empty values defined in the LDIF file. So when I type this command, I still have the "invalid per syntax" error:
# ldapmodify -x -W -H "ldaps://127.0.0.1" -D cn=Manager,dc=modelsolv,dc=com -f exObjectClasses.ldif
Enter LDAP Password:
modifying entry "cn=schema"
ldap_modify: Invalid syntax (21)
additional info: objectClasses: value #0 invalid per syntax
I was able to add a few entries in LDAP so far. So I know I am able to reach the server, the connection is fine, and LDAP is somewhat functional. But I can't modify the schema with objectclasses.
Is there anything obvious that I am doing wrong? Do you have any recommendation for debugging further?
Regards,
Jimmy Royer

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
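
The ldif(5) line-folding rule referred to in the reply above, as an added example that is not code from the thread or from OpenLDAP: it unfolds an LDIF file and flags the three causes listed in the question. The sample LDIF is constructed with one-space continuation lines (an assumption about indentation), and the keyword check is a heuristic chosen for this illustration.

```python
import re

# Heuristic (assumption): these schema keywords need whitespace before them.
GLUED = re.compile(r"(?<=\S)(NAME|DESC|SUP|MUST|MAY)(?=\s)")

def unfold(ldif: bytes) -> list[str]:
    """Join continuation lines as ldif(5) describes: a line starting with a
    single space continues the previous line, and only that one space is
    dropped, so the pieces touch unless the file supplies a second space."""
    lines: list[str] = []
    in_comment = False
    for raw in ldif.decode("utf-8").splitlines():
        if raw.startswith(" ") and (lines or in_comment):
            if not in_comment:          # a folded comment stays a comment
                lines[-1] += raw[1:]
        elif raw.startswith("#"):
            in_comment = True
        else:
            in_comment = False
            lines.append(raw)
    return lines

def lint(ldif: bytes) -> list[str]:
    """Report encoding, trailing-whitespace, empty-value and folding issues."""
    try:
        text = ldif.decode("utf-8")     # pure 7-bit ASCII always passes here
    except UnicodeDecodeError:
        return ["contains bytes that are not valid UTF-8"]
    findings = [f"physical line {n}: trailing whitespace"
                for n, raw in enumerate(text.splitlines(), 1)
                if raw != raw.rstrip()]
    for line in unfold(ldif):
        if line.strip() in ("", "-"):   # record separators, not attributes
            continue
        attr, _, value = line.partition(":")
        if not value.strip():
            findings.append(f"{attr}: empty value")
        m = GLUED.search(value)
        if m:
            findings.append(
                f"{attr}: '{m.group(1)}' glued to the previous token after unfolding")
    return findings

# Constructed sample: continuation lines indented by exactly one space.
ONE_SPACE = (b"dn: cn=schema\nchangetype: modify\nadd: objectClasses\n"
             b"objectClasses: ( 2.16.840.1.113730.3.2.2.9\n NAME 'blogger'\n"
             b" DESC 'Someone who has a blog'\n SUP inetOrgPerson STRUCTURAL\n"
             b" MAY blog )\n")
TWO_SPACE = ONE_SPACE.replace(b"\n ", b"\n  ")  # second space survives unfolding

if __name__ == "__main__":
    print(unfold(ONE_SPACE)[3], lint(ONE_SPACE), lint(TWO_SPACE), sep="\n")
```

With one-space indentation the unfolded value has no separator between tokens, which `cat -vte` cannot reveal because each physical line looks clean on its own.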