Exported group can't be imported again: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Hi!
I've exported groups from a ldap server. Importin the very same group fails:
ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
schema inetorgperson is, among others included.
The group I want to add:
dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups objectClass: top gidNumer: 3000 cn: somegroup memberUid: someuser
Command: # ldapadd -D cn=manager,dc=example,dc=org -W dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups objectClass: top gidNumer: 3000 cn: somegroup memberUid: someuser
adding new entry "cn=somegroup,ou=Groups,dc=example,dc=org" ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Any ideas?
--On Thursday, January 20, 2011 8:04 PM +0100 Thomas Schweikle tps@vr-web.de wrote:
# ldapadd -D cn=manager,dc=example,dc=org -W dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups
adding new entry "cn=somegroup,ou=Groups,dc=example,dc=org" ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Any ideas?
Include the schema that defines "posixGroups".
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On Thu, Jan 20, 2011 at 08:04:00PM +0100, Thomas Schweikle wrote:
The group I want to add:
dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups objectClass: top gidNumer: 3000 cn: somegroup memberUid: someuser
Are you sure you mean posixGroups, not posixGroup ? And gidNumer instead of gidNumber ?
Have a look at nis.schema (or nis.ldif) to see what attributes are required or permitted for posixGroup.
Am 21.01.2011 13:19, schrieb Brian Candler:
On Thu, Jan 20, 2011 at 08:04:00PM +0100, Thomas Schweikle wrote:
The group I want to add:
dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups objectClass: top gidNumer: 3000 cn: somegroup memberUid: someuser
Are you sure you mean posixGroups, not posixGroup ? And gidNumer instead of gidNumber ?
This was the point: the export was with "posixGroups", but the newer schema only allowed "posixGroup". Must have been changed sometime ... :(
Have a look at nis.schema (or nis.ldif) to see what attributes are required or permitted for posixGroup.
I corrected all posixGroups to posixGroup and import worked!
Thomas Schweikle wrote:
Am 21.01.2011 13:19, schrieb Brian Candler:
On Thu, Jan 20, 2011 at 08:04:00PM +0100, Thomas Schweikle wrote:
The group I want to add:
dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups objectClass: top gidNumer: 3000 cn: somegroup memberUid: someuser
Are you sure you mean posixGroups, not posixGroup ? And gidNumer instead of gidNumber ?
This was the point: the export was with "posixGroups", but the newer schema only allowed "posixGroup". Must have been changed sometime ... :(
This schema has not changed in a dozen years. Your previous LDAP server simply didn't do schema validation and allowed you to store whatever garbage you gave it without checking.
Have a look at nis.schema (or nis.ldif) to see what attributes are required or permitted for posixGroup.
I corrected all posixGroups to posixGroup and import worked!
Am 21.01.2011 21:55, schrieb Howard Chu:
Thomas Schweikle wrote:
Am 21.01.2011 13:19, schrieb Brian Candler:
On Thu, Jan 20, 2011 at 08:04:00PM +0100, Thomas Schweikle wrote:
The group I want to add:
dn: cn=somegroup,ou=Groups,dc=example,dc=org objectClass: posixGroups objectClass: top gidNumer: 3000 cn: somegroup memberUid: someuser
Are you sure you mean posixGroups, not posixGroup ? And gidNumer instead of gidNumber ?
This was the point: the export was with "posixGroups", but the newer schema only allowed "posixGroup". Must have been changed sometime ... :(
This schema has not changed in a dozen years. Your previous LDAP server simply didn't do schema validation and allowed you to store whatever garbage you gave it without checking.
Yes, that's the case: the old server does not check the syntax at all. You're right it is possible to store any garbage you want.
openldap-technical@openldap.org
-
Brian Candler -
Howard Chu -
Quanah Gibson-Mount -
Thomas Schweikle