2:14 a.m.
Hi all, I'm triing to create a user with openldap 2.4
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem recognize the objectClass producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
6:56 a.m.
On 7/14/22 11:14, Luca Stancapiano wrote:
Hi all, I'm triing to create a user with openldap 2.4
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem recognize the objectClass producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
Did you add inetorgperson.ldif (dynamic config aka cn=config) or
inetorgperson.schema (static config aka slapd.conf)?
Ciao, Michael.
9:16 a.m.
On Jul 14, 2022, at 4:14 AM, Luca Stancapiano
<luca.stancapiano(a)vige.it> wrote:
Hi all, I'm triing to create a user with openldap 2.4
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem recognize the objectClass producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
Looks like you’re missing cn and sn attributes which are required by its parent
obejectclass, person.
—
Shawn
9:19 a.m.
--On Thursday, July 14, 2022 12:16 PM -0500 Shawn McKinney
<smckinney(a)symas.com> wrote:
> On Jul 14, 2022, at 4:14 AM, Luca Stancapiano <luca.stancapiano(a)vige.it>
> wrote:
>
> Hi all, I'm triing to create a user with openldap 2.4
>
> dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
> objectClass: iNetOrgPerson
> uid: iiiiii
>
> but it doesn't seem recognize the objectClass producing this error:
>
> adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
> ldap_add: Invalid syntax (21)
> additional info: objectClass: value #0 invalid per syntax
>
> Using other object classes is ok. What's the problem?
Looks like you're missing cn and sn attributes which are required by
its parent obejectclass, person.
It hadn't gotten that far, processing wise. As Michael noted, they appear
to have not loaded in the inetorgperson schema.
I've also seen this when an objectClass value has a trailing character
that's not visible to the naked eye (such as a space character).
--Quanah
11:51 a.m.
Hi , also adding sn and cn I have the same problem using ldapadd. The problem is that
iNetOrgPerson is not recognized. If I use other object class it is ok. But I need
iNetOrgPerson because I have to use the email. So why the iNetOrgPerson is not recognized
by my openldap? What I miss?
> Il 14/07/2022 18:16 Shawn McKinney <smckinney(a)symas.com> ha scritto:
>
>
> > On Jul 14, 2022, at 4:14 AM, Luca Stancapiano <luca.stancapiano(a)vige.it>
wrote:
> >
> > Hi all, I'm triing to create a user with openldap 2.4
> >
> > dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
> > objectClass: iNetOrgPerson
> > uid: iiiiii
> >
> > but it doesn't seem recognize the objectClass producing this error:
> >
> > adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
> > ldap_add: Invalid syntax (21)
> > additional info: objectClass: value #0 invalid per syntax
> >
> > Using other object classes is ok. What's the problem?
>
> Looks like you’re missing cn and sn attributes which are required by its parent
obejectclass, person.
>
> —
> Shawn
11:54 a.m.
--On Thursday, July 14, 2022 9:51 PM +0200 Luca Stancapiano
<luca.stancapiano(a)vige.it> wrote:
Hi , also adding sn and cn I have the same problem using ldapadd.
The
problem is that iNetOrgPerson is not recognized. If I use other object
class it is ok. But I need iNetOrgPerson because I have to use the email.
So why the iNetOrgPerson is not recognized by my openldap? What I miss?
This has already been answered for you multiple times now.
The OpenLDAP server can only act on schema that have been configured. If
the inetorgperson schema is not present in the server configuration, you
clearly cannot use it to create objects. So the first step is to confirm
whether or not your configuration is loading the inetorgperson schema.
If it isn't, then you need to add it to the server configuration.
If it is, then there's an issue with the objectClass value as I already
stated. For example, there could be a trailing space, i.e.:
"objectClass: inetOrgPerson "
instead of:
"objectClass: inetOrgPerson"
Regards,
Quanah
12:01 p.m.
Thanks for your response.
I tried several form of inetOrgPerson and inetOrgPerson . So I suppose it is not
configured.
Sorry but I'm new with openldap, so the question is:
1- How I see if inetOrgPerson is configred?
2 - How I configure it to support the mail field?
> Il 14/07/2022 20:54 Quanah Gibson-Mount <quanah(a)fast-mail.org> ha scritto:
>
>
> --On Thursday, July 14, 2022 9:51 PM +0200 Luca Stancapiano
> <luca.stancapiano(a)vige.it> wrote:
>
> > Hi , also adding sn and cn I have the same problem using ldapadd. The
> > problem is that iNetOrgPerson is not recognized. If I use other object
> > class it is ok. But I need iNetOrgPerson because I have to use the email.
> > So why the iNetOrgPerson is not recognized by my openldap? What I miss?
>
> This has already been answered for you multiple times now.
>
> The OpenLDAP server can only act on schema that have been configured. If
> the inetorgperson schema is not present in the server configuration, you
> clearly cannot use it to create objects. So the first step is to confirm
> whether or not your configuration is loading the inetorgperson schema.
>
> If it isn't, then you need to add it to the server configuration.
>
> If it is, then there's an issue with the objectClass value as I already
> stated. For example, there could be a trailing space, i.e.:
>
> "objectClass: inetOrgPerson "
>
> instead of:
>
> "objectClass: inetOrgPerson"
>
> Regards,
> Quanah
12:12 p.m.
--On Thursday, July 14, 2022 10:01 PM +0200 Luca Stancapiano
<luca.stancapiano(a)vige.it> wrote:
Thanks for your response.
I tried several form of inetOrgPerson and inetOrgPerson . So I suppose it
is not configured. Sorry but I'm new with openldap, so the question is:
1- How I see if inetOrgPerson is configred?
Two quick options:
1. You can query the cn=subschema entry with ldapsearch
2. You can examine the server configuration
You probably want to go with 2, since if it isn't there you will need to
update the server configuration.
2 - How I configure it to support the mail field?
inetorgperson already supports the mail attribute.
Regards,
Quanah
12:26 p.m.
Thanks you. Can you tell me what is the configuration file and the voice to update?
I'm new with openldap
> Il 14/07/2022 21:12 Quanah Gibson-Mount <quanah(a)fast-mail.org> ha scritto:
>
>
> --On Thursday, July 14, 2022 10:01 PM +0200 Luca Stancapiano
> <luca.stancapiano(a)vige.it> wrote:
>
> > Thanks for your response.
> >
> > I tried several form of inetOrgPerson and inetOrgPerson . So I suppose it
> > is not configured. Sorry but I'm new with openldap, so the question is:
> >
> > 1- How I see if inetOrgPerson is configred?
>
> Two quick options:
>
> 1. You can query the cn=subschema entry with ldapsearch
> 2. You can examine the server configuration
>
> You probably want to go with 2, since if it isn't there you will need to
> update the server configuration.
>
> > 2 - How I configure it to support the mail field?
>
> inetorgperson already supports the mail attribute.
>
> Regards,
> Quanah
12:37 p.m.
--On Thursday, July 14, 2022 10:26 PM +0200 Luca Stancapiano
<luca.stancapiano(a)vige.it> wrote:
Thanks you. Can you tell me what is the configuration file and the
voice
to update? I'm new with openldap
I can't, because how it was configured depends on factors I have no
knowledge of. For example, if you're using the OpenLDAP shipped in a
linux distribution, most of them use the dynamic cn=config LDAP database
for configuration. Some use the old deprecated slapd.conf file method for
configuration. You could be using a custom deployment, etc. I.e., I have
no idea how your specific OpenLDAP deployment is configured.
Regards,
Quanah
11:03 a.m.
--On Tuesday, May 16, 2023 6:50 PM +0000 terry.lemons(a)dell.com wrote:
Hi - like Luca, I'd like to use the inetOrgPerson schema in my
environment. I followed
https://www.openldap.org/doc/admin26/quickstart.html to deploy an
openldap 2.6.4 system. Looking in slapd.conf, I saw that only one schema
is included by default:
include /usr/local/etc/openldap/schema/core.schema
So, wanting to also use inetOrgPerson, I added a second include statement:
include /usr/local/etc/openldap/schema/inetorgperson.ldif
I ran:
rm -r /usr/local/etc/slapd.d/* - I know, I need to figure out ldapmodify
/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l
/usr/local/etc/openldap/slapd.ldif /usr/local/libexec/slapd -F
/usr/local/etc/slapd.d -h "ldap:/// ldaps:///"
But I don't see inetOrgPerson appear in the list of objectClasses. Have I
missed a step?
The documented method of converting a 'slapd.conf' file to a
'slapd-config'
database is to use the 'slaptest' binary, like:
slaptest -f /path/to/slapd.conf -F /path/to/slapd.d
If you want to include a schema file in a cn=config slapd.ldif file, then
you probably want to read over my blog here:
<https://mishikal.wordpress.com/2019/04/23/configuring-mmr-using-delta-syn...
as it has an example of how to correctly include a schema file for import.
I'd note that most of your arguments to your slapadd command are
non-sensical, I suggest reading the man page.
Regards,
Quanah
10:50 a.m.
Hi - like Luca, I'd like to use the inetOrgPerson schema in my environment. I followed
https://www.openldap.org/doc/admin26/quickstart.html to deploy an openldap 2.6.4 system.
Looking in slapd.conf, I saw that only one schema is included by default:
include /usr/local/etc/openldap/schema/core.schema
So, wanting to also use inetOrgPerson, I added a second include statement:
include /usr/local/etc/openldap/schema/inetorgperson.ldif
I ran:
rm -r /usr/local/etc/slapd.d/* - I know, I need to figure out ldapmodify
/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/slapd.d -l
/usr/local/etc/openldap/slapd.ldif
/usr/local/libexec/slapd -F /usr/local/etc/slapd.d -h "ldap:/// ldaps:///"
But I don't see inetOrgPerson appear in the list of objectClasses. Have I missed a
step?
139
days inactive
445
days old
openldap-technical@openldap.org
11 comments
5 participants
participants (5)
-
Luca Stancapiano -
Michael Ströder -
Quanah Gibson-Mount -
Shawn McKinney -
terry.lemons@dell.com