Hi all,
My name is Alex and I recently joined this list because I can't find some straightforward guidelines and nothing seems to work for me. Of course it is a dummy question and I know you have seen it many times, but I am sure that I'm missing something very, very simple in fact. If you want, please help me because I am a bit lost and I don't know how to move forward.
I am trying to set up an OpenLDAP server on CentOS 7. This is my first time, so please go easy on me :))
I will try to reproduce my steps because, this being my first time, errors may occur at any moment, but I strongly want to learn OpenLDAP.
My goal is to add some custom fields (attributeTypes) into the LDAP DB. I know there can be a workaround for this, like adding the data into the inetOrgPerson schema, but I want a new schema, defined for what I need. Basically this schema will contain supplementary information about students like (ID number, university-assigned number, contact email, address, name after marriage, etc.).
Here are all steps I've done (successfully I believe):
install and configure OpenLDAP from here: https://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1
----
I've tried to create my new schema like this (I have my private IANA OID):
----------------------------------- info.schema ----
attributetype ( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp'
    DESC 'Cod Numeric Personal'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

attributetype ( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact'
    DESC 'Email for external user'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

objectclass ( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard'
    DESC 'Extra Information Card'
    AUXILIARY )
-----------------------------------
* Moved to the /tmp/slapd folder and created an info.conf file:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/info.schema

* transformed info.schema to ldif:

slaptest -f info.conf -F .
config file testing succeeded

* moved to cn=config/cn=schema and all 5 files are here:

-rw-------. 1 root root 15546 Mar 31 22:15 cn={0}core.ldif
-rw-------. 1 root root 11363 Mar 31 22:15 cn={1}cosine.ldif
-rw-------. 1 root root  6495 Mar 31 22:15 cn={2}nis.ldif
-rw-------. 1 root root  2857 Mar 31 22:15 cn={3}inetorgperson.ldif
-rw-------. 1 root root   890 Mar 31 22:15 cn={4}info.ldif

--------------------------------------------
* edited cn={4}info.ldif like so:
--------------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 bc62c5f1
dn: cn=info,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Em
 ail for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
-------------------------------------------
* copied info.ldif from /tmp to /etc/openldap/schema/info.ldif
* load info.ldif into OpenLDAP:

ldapadd -Y EXTERNAL -H ldapi:/// -f info.ldif

OUTPUT of above command:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=info,cn=schema,cn=config"
------------------------------------
I suppose everything is correct because at /etc/openldap/slapd.d/cn=config/cn=schema my cn={4}info.ldif file now appears with the following content:

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 a48aaa49
dn: cn={4}info
objectClass: olcSchemaConfig
cn: {4}info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Em
 ail for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra Information Card' AUXILIARY )
structuralObjectClass: olcSchemaConfig
entryUUID: 9d56682a-aa93-1036-9882-31e47bf02dae
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20170331192559Z
entryCSN: 20170331192559.397549Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20170331192559Z
---------------------------------------
Now, up to here everything worked smoothly, but from this step forward everything turns into a nightmare. How do I add data using this new schema? I've tried this:
ldapuser.ldif
---
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Alexandru
sn: Ocheana
userPassword: {SSHA}BBxUpzvO93HlFEFPSkexvXA7G06UBYO4
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/alex

## -------------------------
## HERE I BELIEVE IS AN ERROR BUT WHICH IS THE CORRECT WAY TO ADD IT?
## THIS PART IS TO ADD DATA TO THAT NEW SCHEMA
## -------------------------
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: infoVCard
cnp: myCNP
emailContact: otheremail@gmail.com

dn: cn=alex,ou=Group,dc=info,dc=uaic,dc=ro
objectClass: posixGroup
cn: Alex
gidNumber: 2000
memberUid: alex
----
I am trying to add this to OpenLDAP like so:
ldapadd -x -D cn=Manager,dc=info,dc=uaic,dc=ro -W -f ldapuser.ldif

After asking for the password I am getting this output:

adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"

adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"
ldap_add: Object class violation (65)
        additional info: no structural object class provided
My logic tells me that my infoVCard should be bound somehow to the first set as inetOrgPerson (I've read about this but I don't know how to really achieve it ... I know about SUP but I am lost at this point).
Can you bring some light into my head please? What I am missing?
Thank you very much for your time!
Regards, Alexandru Ocheana
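The hand edit in the steps above (rewrite the indexed dn and cn, drop the operational attributes slapd appends) done as a script, so the same transformation can be repeated for every schema file. This is an added example, not code from the thread or from OpenLDAP; it assumes the file layout slaptest -F produces. The sample input is constructed from the cn={4}info.ldif shown above with one change the posted schema needs and does not have: infoVCard is declared AUXILIARY with no MAY list, so even once the structural-class problem is solved, slapd rejects an entry carrying cnp or emailContact with "attribute not allowed". The sample therefore adds MAY ( cnp $ emailContact ).

```python
"""Turn the schema LDIF that slaptest writes under slapd.d (cn={N}name.ldif)
into an LDIF that ldapadd can load into cn=config. Added example; not code
from the thread or from OpenLDAP. Assumes the layout slaptest -F produces."""
import re

# Operational attributes slapd stamps on the generated file. They are set by
# the server; sending them in an add request is an error.
OPERATIONAL = {
    "structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
    "entryCSN", "modifiersName", "modifyTimestamp",
}

# Constructed sample: cn={4}info.ldif as shown in the post, folded the way
# slapd writes it, with one change the posted schema needs (assumption, not
# from the thread): a MAY list on infoVCard, because slapd rejects an entry
# attribute that no object class of the entry allows.
SAMPLE = """\
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 a48aaa49
dn: cn={4}info
objectClass: olcSchemaConfig
cn: {4}info
olcAttributeTypes: {0}( 1.3.6.1.4.1.49565.1.1.1 NAME 'cnp' DESC 'Cod Numeric
  Personal' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.49565.1.1.2 NAME 'emailContact' DESC 'Em
 ail for external user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcObjectClasses: {0}( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard' DESC 'Extra
  Information Card' AUXILIARY MAY ( cnp $ emailContact ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 9d56682a-aa93-1036-9882-31e47bf02dae
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20170331192559Z
entryCSN: 20170331192559.397549Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20170331192559Z
"""


def unfold(ldif):
    """Join RFC 2849 continuation lines (a leading single space) and drop
    comment lines, returning one logical line per attribute."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def fold(line, width=76):
    """Fold a long logical line back into LDIF form: continuation lines start
    with one space and no physical line exceeds `width` columns."""
    if len(line) <= width:
        return line
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def to_loadable(generated):
    """Rewrite the indexed dn and cn ({4}info -> info under cn=schema,cn=config)
    and strip the operational attributes; everything else passes through."""
    out = []
    for line in unfold(generated):
        if not line.strip():
            continue
        m = re.match(r"^dn:\s*cn=\{\d+\}(\S+)\s*$", line)
        if m:
            out.append("dn: cn=%s,cn=schema,cn=config" % m.group(1))
            continue
        m = re.match(r"^cn:\s*\{\d+\}(\S+)\s*$", line)
        if m:
            out.append("cn: %s" % m.group(1))
            continue
        if line.split(":", 1)[0] in OPERATIONAL:
            continue
        out.append(fold(line))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(to_loadable(SAMPLE), end="")
```

Load the result exactly as in the post (ldapadd -Y EXTERNAL -H ldapi:/// -f info.ldif) and confirm what the server actually holds before writing entries against it: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config '(cn=*info)' olcObjectClasses should show the MAY list; if it does not, the attribute-not-allowed rejection is the next error to expect.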
Alexandru Ocheana wrote:

> objectclass ( 1.3.6.1.4.1.49565.1.2.1 NAME 'infoVCard'
>     DESC 'Extra Information Card' AUXILIARY )
                                    ^^^^^^^^^

> dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> cn: Alexandru
> sn: Ocheana
> userPassword: {SSHA}BBxUpzvO93HlFEFPSkexvXA7G06UBYO4
> loginShell: /bin/bash
> uidNumber: 2000
> gidNumber: 2000
> homeDirectory: /home/alex
>
> ## -------------------------
> ## HERE I BELIEVE IS AN ERROR BUT WHICH IS THE CORRECT WAY TO ADD IT?
> ## THIS PART IS TO ADD DATA TO THAT NEW SCHEMA
> ## -------------------------
> dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
> objectClass: infoVCard
> cnp: myCNP
> emailContact: otheremail@gmail.com
> [..]
> adding new entry "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"
> ldap_add: Object class violation (65)
>         additional info: no structural object class provided
The error message is pretty clear. Your "second" entry record does not have any STRUCTURAL object class.
You're defining two LDIF entry records with same DN which represent two distinct entries.
You either want to simply merge both into one entry record, or learn how LDIF *change* records are defined (see RFC 2849).
Combined single entry record (to be used with ldapadd tool):
-------------------------------------------------
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: infoVCard
cn: Alexandru
sn: Ocheana
userPassword: {SSHA}BBxUpzvO93HlFEFPSkexvXA7G06UBYO4
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/alex
cnp: myCNP
emailContact: otheremail@gmail.com
-------------------------------------------------
Or two separate change records (add and modify) for one add operation and a subsequent modify operation (to be used with ldapmodify tool):
-------------------------------------------------
dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
changetype: add
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Alexandru
sn: Ocheana
userPassword: {SSHA}BBxUpzvO93HlFEFPSkexvXA7G06UBYO4
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/alex

dn: uid=alex,ou=People,dc=info,dc=uaic,dc=ro
changetype: modify
add: objectClass
objectClass: infoVCard
-
add: cnp
cnp: myCNP
-
add: emailContact
emailContact: otheremail@gmail.com
-
-------------------------------------------------
But really: Look at RFC 2849 to understand the details within the example above!
Ciao, Michael.
openldap-technical@openldap.org
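Both forms from Michael's reply, generated rather than typed, with the rule slapd applied ("no structural object class provided") checked on the client side so the mistake in the original post is caught before anything is sent to the server. This is an added example and not code from the thread. The STRUCTURAL/AUXILIARY table is an assumption about what the server's schema says and covers only the classes used in this thread: inetOrgPerson and posixGroup are STRUCTURAL, posixAccount, shadowAccount and infoVCard are AUXILIARY. userPassword is deliberately left out of the sample entry: set it afterwards with ldappasswd instead of keeping a hash in an LDIF file on disk. The posted schema still needs a MAY list on infoVCard before cnp and emailContact are accepted; the records below assume that has been added.

```python
"""Generate the LDIF forms from the reply and apply the server's structural
class rule client-side. Added example, not code from the thread."""
from collections import OrderedDict

# Assumption: object class kinds as defined in OpenLDAP's core, nis and
# inetorgperson schemas plus the poster's infoVCard. Only the classes used in
# this thread are listed; anything else raises rather than being guessed.
KIND = {
    "inetOrgPerson": "STRUCTURAL",
    "posixGroup": "STRUCTURAL",
    "posixAccount": "AUXILIARY",
    "shadowAccount": "AUXILIARY",
    "infoVCard": "AUXILIARY",
}


def has_structural(object_classes):
    """slapd refuses an add without a STRUCTURAL class ('no structural object
    class provided'); reproduce that decision for the given objectClass values."""
    unknown = [c for c in object_classes if c not in KIND]
    if unknown:
        raise KeyError("object class not in the local table: %s" % unknown)
    return any(KIND[c] == "STRUCTURAL" for c in object_classes)


def entry_record(dn, attrs):
    """One LDIF entry record (what ldapadd consumes). attrs maps attribute
    name to a list of values; objectClass must include a STRUCTURAL class."""
    if not has_structural(attrs.get("objectClass", [])):
        raise ValueError("%s: no structural object class provided" % dn)
    lines = ["dn: " + dn]
    for attr, values in attrs.items():
        lines.extend("%s: %s" % (attr, v) for v in values)
    return "\n".join(lines) + "\n"


def add_record(dn, attrs):
    """The same data as an RFC 2849 'changetype: add' record (ldapmodify)."""
    lines = entry_record(dn, attrs).splitlines()
    lines.insert(1, "changetype: add")
    return "\n".join(lines) + "\n"


def modify_add_record(dn, attrs):
    """RFC 2849 'changetype: modify' record that adds an AUXILIARY class and
    its attributes to an existing entry. Every 'add:' group is closed by '-'."""
    lines = ["dn: " + dn, "changetype: modify"]
    for attr, values in attrs.items():
        lines.append("add: " + attr)
        lines.extend("%s: %s" % (attr, v) for v in values)
        lines.append("-")
    return "\n".join(lines) + "\n"


# Constructed sample: the user from the post. userPassword is deliberately
# absent; set it afterwards with ldappasswd rather than keeping a hash in a file.
USER_DN = "uid=alex,ou=People,dc=info,dc=uaic,dc=ro"
BASE = OrderedDict([
    ("objectClass", ["inetOrgPerson", "posixAccount", "shadowAccount"]),
    ("cn", ["Alexandru"]),
    ("sn", ["Ocheana"]),
    ("loginShell", ["/bin/bash"]),
    ("uidNumber", ["2000"]),
    ("gidNumber", ["2000"]),
    ("homeDirectory", ["/home/alex"]),
])
EXTRA = OrderedDict([
    ("objectClass", ["infoVCard"]),
    ("cnp", ["myCNP"]),
    ("emailContact", ["otheremail@gmail.com"]),
])


def combined():
    """Michael's first form: one entry record carrying all four classes."""
    merged = OrderedDict((k, list(v)) for k, v in BASE.items())
    for k, v in EXTRA.items():
        merged.setdefault(k, []).extend(v)
    return entry_record(USER_DN, merged)


def two_step():
    """Michael's second form: add, then modify; records separated by a blank line."""
    return add_record(USER_DN, BASE) + "\n" + modify_add_record(USER_DN, EXTRA)


def original_mistake():
    """The post's second record: same DN, only the AUXILIARY class. Returns
    the error text the client-side check produces instead of raising."""
    try:
        entry_record(USER_DN, EXTRA)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    print(combined())
    print(two_step())
    print("second record of the post:", original_mistake())
```

Feed combined() to ldapadd and two_step() to ldapmodify, as the reply says; ldapadd treats its input as entry records and will not understand the changetype lines. The point of has_structural() is only to fail fast on the same rule the server enforces; the server's own check with the real schema is still the one that counts.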