Hey guys,
And sorry to Quanah for the typo. ;)
At any rate thanks for the ldapsearch. It did return a ton of information on the attributes defined in my schema:
[root@ldap2 ~]# ldapsearch -x -h ldap.acadaca.net -s base -b "cn=subschema" + | more
# extended LDIF
#
# LDAPv3
# base <cn=subschema> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

# Subschema
dn: cn=Subschema
structuralObjectClass: subentry
createTimestamp: 20101105183240Z
modifyTimestamp: 20101105183240Z
ldapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' )
ldapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )
ldapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
However, nothing shows up under the search regarding sudoRole.
[root@ldap ldif]# ldapsearch -x -h ldap.acadaca.net -s base -b "cn=subschema" | grep sudoRole
[root@ldap ldif]#
This is curious to me as the sudoers.schema file (which has sudoRole defined) is most definitely entered correctly into my slapd.conf file.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
inlcude /etc/openldap/schema/sudoers.schema
include /etc/openldap/schema/openldap.schema
I checked the modes and permissions on sudoers.schema:
[root@ldap ~]# ls -l /etc/openldap/schema/sudoers.schema
-r--r--r-- 1 ldap ldap 1655 Nov 4 18:38 /etc/openldap/schema/sudoers.schema
But when I try to add this LDIF entry to my directory:
# defaults, sudoers, Services, acadaca.net
dn: cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
I am still getting this error:
[root@ldap ldif]# ldapadd -h ldap.acadaca.net -a -W -x -D "cn=Manager,dc=acadaca,dc=net" -f /home/tim/txt/ldif/acadaca2.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net"
ldapadd: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax
And these errors in the logs:
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: slap_listener_activate(7):
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 busy
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: >>> slap_listener(ldap:///)
Nov 5 15:00:33 ldap slapd[4429]: daemon: listen=7, new connection on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: added 12r (active) listener=(nil)
Nov 5 15:00:33 ldap slapd[4429]: conn=5 fd=12 ACCEPT from IP=75.101.129.124:55873 (IP=0.0.0.0:389)
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 2 descriptors
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]: 12r
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: read active on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12)
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12): got connid=5
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): checking for input on id=5
Nov 5 15:00:33 ldap slapd[4429]: do_bind
Nov 5 15:00:33 ldap slapd[4429]: >>> dnPrettyNormal: <cn=Manager,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: <<< dnPrettyNormal: <cn=Manager,dc=acadaca,dc=net>, <cn=manager,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: do_bind: version=3 dn="cn=Manager,dc=acadaca,dc=net" method=128
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=0 BIND dn="cn=Manager,dc=acadaca,dc=net" method=128
Nov 5 15:00:33 ldap slapd[4429]: ==> bdb_bind: dn: cn=Manager,dc=acadaca,dc=net
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=0 BIND dn="cn=Manager,dc=acadaca,dc=net" mech=SIMPLE ssf=0
Nov 5 15:00:33 ldap slapd[4429]: do_bind: v3 bind: "cn=Manager,dc=acadaca,dc=net" to "cn=Manager,dc=acadaca,dc=net"
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: conn=5 op=0 p=3
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: err=0 matched="" text=""
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_response: msgid=1 tag=97 err=0
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=0 RESULT tag=97 err=0 text=
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]: 12r
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: read active on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12)
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12): got connid=5
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): checking for input on id=5
Nov 5 15:00:33 ldap slapd[4429]: do_add
Nov 5 15:00:33 ldap slapd[4429]: >>> dnPrettyNormal: <cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: <<< dnPrettyNormal: <cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net>, <cn=defaults,ou=sudoers,ou=services,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: do_add: dn (cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net)
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=1 ADD dn="cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net"
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: conn=5 op=1 p=3
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: err=21 matched="" text="objectClass: value #1 invalid per syntax"
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_response: msgid=2 tag=105 err=21
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=1 RESULT tag=105 err=21 text=objectClass: value #1 invalid per syntax
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]: 12r
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: read active on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12)
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12): got connid=5
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): checking for input on id=5
Nov 5 15:00:33 ldap slapd[4429]: ber_get_next on fd 12 failed errno=0 (Success)
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): input error=-2 id=5, closing.
Nov 5 15:00:33 ldap slapd[4429]: connection_closing: readying conn=5 sd=12 for close
Nov 5 15:00:33 ldap slapd[4429]: connection_close: deferring conn=5 sd=-1
Nov 5 15:00:33 ldap slapd[4429]: do_unbind
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=2 UNBIND
Nov 5 15:00:33 ldap slapd[4429]: connection_resched: attempting closing conn=5 sd=12
Nov 5 15:00:33 ldap slapd[4429]: connection_close: conn=5 sd=-1
Nov 5 15:00:33 ldap slapd[4429]: daemon: removing 12
Nov 5 15:00:33 ldap slapd[4429]: conn=5 fd=12 closed
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
And as mentioned, this exact schema configuration is working fine under OpenLDAP 2.4 under FreeBSD and behaving as you saw under OpenLDAP 2.3 on CentOS 5.4.
And everything looks correct to me. Any further ideas on why this isn't working?
Thanks!
On Thu, Nov 4, 2010 at 6:03 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Thursday, November 04, 2010 5:47 PM -0400 Tim Dunphy bluethundr@gmail.com wrote:
however when I do a search for sudoRole it doesn't seem to show up
[root@ldap openldap]# ldapsearch -b '' -s base '(objectclass=*)' sudoRole -x -W -D "cn=Manager,dc=acadaca,dc=net"
That is not a valid search of the cn=subschema entry. I would note you fail to offer a -h or -H option, so who knows what LDAP server it is talking to.
ldapsearch -x -h zre-ldap001 -s base -b "cn=subschema" +
for example, searches the subschema entry on my system.
And my name has only one "n" in it.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
--On Friday, November 05, 2010 3:06 PM -0400 Tim Dunphy bluethundr@gmail.com wrote:
Hey guys,
And sorry to Quanah for the typo. ;)
At any rate thanks for the ldapsearch. It did return a ton of information on the attributes defined in my schema:
[root@ldap2 ~]# ldapsearch -x -h ldap.acadaca.net -s base -b "cn=subschema" + | more
# extended LDIF
If it doesn't show up here, then the LDAP server doesn't have it loaded. Perhaps there is an error in the schema file itself that is causing it not to be loaded. I would suggest starting slapd with -d -1 from the command line, and seeing what error(s) it complains about with that schema file.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
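An added check, not from this thread or from OpenLDAP, that does the kind of static review Quanah's `slapd -d -1` advice aims at: it parses a slapd.conf, flags directive names slapd would not recognize, and flags include targets that do not exist. The directive list is a constructed subset of slapd.conf(5), and the sample config copies the include lines from the slapd.conf pasted earlier in the thread, including its `inlcude /etc/openldap/schema/sudoers.schema` line, which is not the `include` directive and so does not load that schema file.

```python
import difflib
import os

# Constructed subset of slapd.conf(5) directive names (lowercase; extend as needed).
KNOWN_DIRECTIVES = {
    "include", "pidfile", "argsfile", "loglevel", "modulepath", "moduleload",
    "access", "database", "suffix", "rootdn", "rootpw", "directory", "index",
    "allow", "disallow", "sizelimit", "timelimit", "tlscertificatefile",
}

# Constructed sample modelled on the config pasted in the thread, not the poster's real file.
SAMPLE_CONF = """\
# See slapd.conf(5) for details on configuration options.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
inlcude /etc/openldap/schema/sudoers.schema
include /etc/openldap/schema/openldap.schema
"""


def check_slapd_conf(text, path_exists=os.path.exists):
    """Return (lineno, message) findings: unknown directives and missing include targets."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        parts = line.split(None, 1)
        directive = parts[0].lower()  # directive names are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""
        if directive not in KNOWN_DIRECTIVES:
            # Suggest the nearest real directive so a transposed-letter typo is obvious
            close = difflib.get_close_matches(directive, KNOWN_DIRECTIVES, n=1, cutoff=0.8)
            hint = f" (did you mean '{close[0]}'?)" if close else ""
            findings.append((lineno, f"unknown directive '{parts[0]}'{hint}"))
        elif directive == "include" and not path_exists(arg):
            findings.append((lineno, f"include target missing: {arg}"))
    return findings


def included_files(text):
    """Files that a correctly spelled 'include' directive would actually load."""
    loaded = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "include":
            loaded.append(parts[1].strip())
    return loaded


if __name__ == "__main__":
    # path_exists is stubbed so the demo runs without the real schema files present
    for lineno, msg in check_slapd_conf(SAMPLE_CONF, path_exists=lambda p: True):
        print(f"line {lineno}: {msg}")
    print("schemas that would load:", included_files(SAMPLE_CONF))
```

Note also that the `grep sudoRole` search earlier in the thread was run without the `+` that Quanah's command uses; without `+` (or an explicit attribute list) the subschema search returns no operational attributes such as objectClasses, so an empty grep there does not by itself show that sudoRole is unloaded.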
openldap-technical@openldap.org