Hi all, I'm trying to create a user with openldap 2.4:
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
On 7/14/22 11:14, Luca Stancapiano wrote:
Hi all, I'm trying to create a user with openldap 2.4:
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
Did you add inetorgperson.ldif (dynamic config aka cn=config) or inetorgperson.schema (static config aka slapd.conf)?
Ciao, Michael.
On Jul 14, 2022, at 4:14 AM, Luca Stancapiano luca.stancapiano@vige.it wrote:
Hi all, I'm trying to create a user with openldap 2.4:
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
Looks like you’re missing cn and sn attributes which are required by its parent objectclass, person.
— Shawn
--On Thursday, July 14, 2022 12:16 PM -0500 Shawn McKinney smckinney@symas.com wrote:
On Jul 14, 2022, at 4:14 AM, Luca Stancapiano luca.stancapiano@vige.it wrote:
Hi all, I'm trying to create a user with openldap 2.4:
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
Looks like you're missing cn and sn attributes which are required by its parent objectclass, person.
It hadn't gotten that far, processing wise. As Michael noted, they appear to have not loaded in the inetorgperson schema.
I've also seen this when an objectClass value has a trailing character that's not visible to the naked eye (such as a space character).
--Quanah
Hi, even after adding sn and cn I have the same problem using ldapadd. The problem is that iNetOrgPerson is not recognized. If I use another object class it is ok. But I need iNetOrgPerson because I have to use the email. So why is iNetOrgPerson not recognized by my openldap? What am I missing?
--On Thursday, July 14, 2022 9:51 PM +0200 Luca Stancapiano luca.stancapiano@vige.it wrote:
Hi, even after adding sn and cn I have the same problem using ldapadd. The problem is that iNetOrgPerson is not recognized. If I use another object class it is ok. But I need iNetOrgPerson because I have to use the email. So why is iNetOrgPerson not recognized by my openldap? What am I missing?
This has already been answered for you multiple times now.
The OpenLDAP server can only act on schema that have been configured. If the inetorgperson schema is not present in the server configuration, you clearly cannot use it to create objects. So the first step is to confirm whether or not your configuration is loading the inetorgperson schema.
If it isn't, then you need to add it to the server configuration.
If it is, then there's an issue with the objectClass value as I already stated. For example, there could be a trailing space, i.e.:
"objectClass: inetOrgPerson "
instead of:
"objectClass: inetOrgPerson"
Regards, Quanah
Thanks for your response.
I tried several forms of inetOrgPerson and inetOrgPerson . So I suppose it is not configured. Sorry but I'm new with openldap, so the question is:
1 - How do I see if inetOrgPerson is configured?
2 - How do I configure it to support the mail field?
--On Thursday, July 14, 2022 10:01 PM +0200 Luca Stancapiano luca.stancapiano@vige.it wrote:
Thanks for your response.
I tried several forms of inetOrgPerson and inetOrgPerson . So I suppose it is not configured. Sorry but I'm new with openldap, so the question is:
1 - How do I see if inetOrgPerson is configured?
Two quick options:
1. You can query the cn=subschema entry with ldapsearch
2. You can examine the server configuration
You probably want to go with 2, since if it isn't there you will need to update the server configuration.
2 - How do I configure it to support the mail field?
inetorgperson already supports the mail attribute.
Regards, Quanah
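An added example, not part of the thread: shell helpers for the two checks Quanah describes in the messages above, confirming that the server's schema defines inetOrgPerson and finding an invisible trailing character on an LDIF value. The function names and sample data are constructed for illustration; the ldapsearch commands in the comments need a running server, and the `ldap://localhost` URI is an assumption.

```shell
#!/bin/sh
# Input for has_objectclass comes from a running server, e.g.:
#   ldapsearch -x -H ldap://localhost -s base -b cn=subschema objectClasses
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config olcObjectClasses

# Join LDIF continuation lines: a line starting with one space continues
# the previous line (ldapsearch folds long schema definitions).
unfold_ldif() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}

# has_objectclass NAME: succeed if the schema LDIF on stdin defines NAME.
# Accepts objectClasses (cn=subschema) and olcObjectClasses (cn=config);
# the match is case-insensitive, as object class names are.
has_objectclass() {
  unfold_ldif | grep -Ei '^(olc)?objectClasses:' |
    grep -Eqi "NAME +(\( *)?('[^']*' +)*'$1'"
}

# trailing_ws_values: print "line:attribute" for each LDIF line on stdin
# whose value ends in an invisible space, tab or carriage return.
trailing_ws_values() {
  awk '/^[A-Za-z][A-Za-z0-9;-]*:.*[ \t\r]+$/ { split($0, a, ":"); print NR ":" a[1] }'
}

# Constructed sample: subschema output with a folded inetOrgPerson definition.
sample_subschema() {
  printf '%s\n' \
    'dn: cn=Subschema' \
    "objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn \$ cn ) )" \
    "objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrg" \
    " Person' SUP organizationalPerson STRUCTURAL MAY ( mail \$ uid ) )"
}

# Constructed sample: the thread's entry with a trailing space on line 2.
sample_entry() {
  printf 'dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com\nobjectClass: inetOrgPerson \ncn: Test User\nsn: User\nuid: rrrrrr\n'
}

if sample_subschema | has_objectclass inetOrgPerson; then
  echo "inetOrgPerson is defined on the server"
else
  echo "inetOrgPerson is not defined: load the inetorgperson schema"
fi
sample_entry | trailing_ws_values   # reports the objectClass line
```

Pipe real ldapsearch output into `has_objectclass inetOrgPerson`, and the LDIF file passed to ldapadd into `trailing_ws_values`.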
Thank you. Can you tell me what the configuration file is and the voice to update? I'm new with openldap
--On Thursday, July 14, 2022 10:26 PM +0200 Luca Stancapiano luca.stancapiano@vige.it wrote:
Thank you. Can you tell me what the configuration file is and the voice to update? I'm new with openldap
I can't, because how it was configured depends on factors I have no knowledge of. For example, if you're using the OpenLDAP shipped in a linux distribution, most of them use the dynamic cn=config LDAP database for configuration. Some use the old deprecated slapd.conf file method for configuration. You could be using a custom deployment, etc. I.e., I have no idea how your specific OpenLDAP deployment is configured.
Regards, Quanah
Hi - like Luca, I'd like to use the inetOrgPerson schema in my environment. I followed https://www.openldap.org/doc/admin26/quickstart.html to deploy an openldap 2.6.4 system. Looking in slapd.conf, I saw that only one schema is included by default:
include /usr/local/etc/openldap/schema/core.schema
So, wanting to also use inetOrgPerson, I added a second include statement:
include /usr/local/etc/openldap/schema/inetorgperson.ldif
I ran:
rm -r /usr/local/etc/slapd.d/* - I know, I need to figure out ldapmodify
/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l /usr/local/etc/openldap/slapd.ldif
/usr/local/libexec/slapd -F /usr/local/etc/slapd.d -h "ldap:/// ldaps:///"
But I don't see inetOrgPerson appear in the list of objectClasses. Have I missed a step?
--On Tuesday, May 16, 2023 6:50 PM +0000 terry.lemons@dell.com wrote:
Hi - like Luca, I'd like to use the inetOrgPerson schema in my environment. I followed https://www.openldap.org/doc/admin26/quickstart.html to deploy an openldap 2.6.4 system. Looking in slapd.conf, I saw that only one schema is included by default:
include /usr/local/etc/openldap/schema/core.schema
So, wanting to also use inetOrgPerson, I added a second include statement:
include /usr/local/etc/openldap/schema/inetorgperson.ldif
I ran:
rm -r /usr/local/etc/slapd.d/* - I know, I need to figure out ldapmodify
/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l /usr/local/etc/openldap/slapd.ldif
/usr/local/libexec/slapd -F /usr/local/etc/slapd.d -h "ldap:/// ldaps:///"
But I don't see inetOrgPerson appear in the list of objectClasses. Have I missed a step?
The documented method of converting a 'slapd.conf' file to a 'slapd-config' database is to use the 'slaptest' binary, like:
slaptest -f /path/to/slapd.conf -F /path/to/slapd.d
If you want to include a schema file in a cn=config slapd.ldif file, then you probably want to read over my blog here:
as it has an example of how to correctly include a schema file for import.
I'd note that most of your arguments to your slapadd command are non-sensical, I suggest reading the man page.
Regards, Quanah
openldap-technical@openldap.org
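An added example, not part of the thread: a small lint over schema include lines, using the pairing Michael gives earlier (inetorgperson.schema for slapd.conf, inetorgperson.ldif for cn=config). The function names, the `include: file:///...` form for slapd.ldif, the cosine paths and the rule that core and cosine precede inetorgperson are assumptions based on the stock OpenLDAP schema files, not statements from the posters.

```shell
#!/bin/sh
# check_schema_includes KIND: lint schema include lines read from stdin.
#   KIND=conf  slapd.conf  "include /path/name.schema"
#   KIND=ldif  slapd.ldif  "include: file:///path/name.ldif"
# Prints one finding per line and fails if there is any finding.
check_schema_includes() {
  awk -v kind="$1" '
    BEGIN { want = (kind == "conf") ? "schema" : "ldif"
            key  = (kind == "conf") ? "include" : "include:" }
    $1 != key { next }
    {
      n = split($2, part, "/"); file = part[n]
      base = file; sub(/\.[^.]*$/, "", base)
      if (file !~ ("\\." want "$")) {
        print "line " NR ": " file " is not a ." want " file"; bad = 1
      }
      # Assumption from the stock schema files: inetorgperson depends on
      # core and cosine, so both must be included before it.
      if (base == "inetorgperson" && !(seen["core"] && seen["cosine"])) {
        print "line " NR ": include core and cosine before " file; bad = 1
      }
      seen[base] = 1
    }
    END { exit (bad ? 1 : 0) }'
}

# The two include lines quoted in the thread (slapd.conf style).
thread_conf() {
  printf '%s\n' \
    'include /usr/local/etc/openldap/schema/core.schema' \
    'include /usr/local/etc/openldap/schema/inetorgperson.ldif'
}

# Constructed consistent forms for each configuration style.
fixed_conf() {
  printf 'include /usr/local/etc/openldap/schema/%s.schema\n' core cosine inetorgperson
}
fixed_ldif() {
  printf 'include: file:///usr/local/etc/openldap/schema/%s.ldif\n' core cosine inetorgperson
}

thread_conf | check_schema_includes conf || echo "fix the includes listed above"
fixed_conf | check_schema_includes conf && echo "slapd.conf includes are consistent"
fixed_ldif | check_schema_includes ldif && echo "slapd.ldif includes are consistent"
```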