Hi All
I am a novice with OpenLDAP. I just installed it on FreeBSD 7.0 from ports. I configured slapd.conf as best as I can. I configured rc.conf, I tested my slapd daemon with slapdtest and it's ok. I started slapd with /usr/local/etc/rc.d/slapd start. Well, I created a little .ldif file to test. And I add it to my database with:
ldapadd -x -D "cn=root,dc=toto,dc=fr" -W -f test.ldif
And I have:

Enter LDAP Password:
adding new entry "dc=toto,dc=fr"
ldapadd: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax

The content of my test.ldif:

dn: dc=toto,dc=fr
objectClass: dcObject
objectClass: organizationUnitName
ou: test
dc: toto
My slapd.conf:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

#Radius
include /usr/local/etc/openldap/schema/RADIUS-LDAPv3.schema

schemascheck on

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#loglevel 4

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

#Basic ACL
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn="cn=root,dc=toto,dc=fr" write
        by * none

access to *
        by dn="cn=root,dc=toto,dc=fr" write
        by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=toto,dc=fr"
rootdn "cn=root,dc=toto,dc=fr"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {SSHA}ERk1pX08CCoUT2Hixj/kR9Zx8NpJmx+0
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
# Indices to maintain
index objectClass eq
Why can't I add my ldif? If someone can help me, thanks.
If I put organisation instead of organisationalUnit in my ldif, it works! (and o instead of ou of course)
Regards
François
François Mehault writes:
> ldapadd: Invalid syntax (21)
>         additional info: objectClass: value #1 invalid per syntax

> objectClass: dcObject
> objectClass: organizationUnitName

2nd line ("value #1" is counted from 0) should be
    objectClass: organizationalUnit
organizationUnitName is a misspelling of "organizationalUnitName" which is an alias for the attribute type "ou".
To keep those straight, think of the LDAP/X.500 data model: An LDAP entry describes some real-world entity, and its objectClass indicates what kind of entity it describes: In this case an organizational unit (department, institute, whatever), not just the unit's name. *One* of the things it must say is the org.unit's name, so it must contain "ou" aka "organizationalUnitName".
On Thu, Apr 23, 2009 at 05:43:34PM +0200, François Mehault wrote:
> Enter LDAP Password:
> adding new entry "dc=toto,dc=fr"
> ldapadd: Invalid syntax (21)
>         additional info: objectClass: value #1 invalid per syntax
So the first value of the objectClass attribute is bad.
> The content of my test.ldif :
>
> dn: dc=toto,dc=fr
> objectClass: dcObject
> objectClass: organizationUnitName
> ou: test
> dc: toto
>
> Why I can't add my ldif ? If someone can help me, thanks
> If I put organisation instead of organisationalUnit in my ldif, it works ! (and o instead ou of course)
In the LDIF you quote, the value giving trouble is probably 'organizationUnitName' - it should be: 'organizationalUnit'
Note the American spelling (z not s), and the fact that the objectclass defines the type. 'organizationalUnitName' is an attribute name, and is usually expressed as 'ou' in any case.
Andrew
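An added example, not part of the thread and not OpenLDAP code: a pre-flight check that reports bad objectClass values with the same zero-based "value #N" numbering the two replies discuss, and tells attribute type names apart from object classes. The name lists are a small hand-picked subset of RFC 4519, and the function names are hypothetical.

```python
import difflib

# Assumption: hand-picked subset of RFC 4519 object classes, not a schema load.
OBJECT_CLASSES = ["top", "dcObject", "organization", "organizationalUnit",
                  "person", "organizationalPerson"]
# Attribute type names (long and short forms); none of these is an object class.
ATTRIBUTE_NAMES = {"organizationalunitname", "ou", "organizationname", "o",
                   "domaincomponent", "dc", "commonname", "cn"}

def object_class_values(ldif_text):
    """Return the objectClass values of a single-entry LDIF, in file order."""
    values = []
    for line in ldif_text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        if attr.strip().lower() == "objectclass":
            values.append(value.strip())
    return values

def check(ldif_text):
    """Return (zero_based_index, value, hint) for each unknown objectClass."""
    by_lower = {c.lower(): c for c in OBJECT_CLASSES}
    problems = []
    for index, value in enumerate(object_class_values(ldif_text)):
        key = value.lower()
        if key in by_lower:
            continue  # names are case-insensitive, so this value is fine
        if key in ATTRIBUTE_NAMES:
            hint = "attribute type, not an object class"
        else:
            close = difflib.get_close_matches(key, list(by_lower), n=1)
            hint = f"did you mean {by_lower[close[0]]}?" if close else "unknown"
        problems.append((index, value, hint))
    return problems

# Sample input: the LDIF from the original post.
SAMPLE = """dn: dc=toto,dc=fr
objectClass: dcObject
objectClass: organizationUnitName
ou: test
dc: toto
"""

if __name__ == "__main__":
    for index, value, hint in check(SAMPLE):
        print(f"objectClass: value #{index} ({value}): {hint}")
```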
Thanks, I was stupid, I had tested organizationUnit instead of organizationUnitName before I sent you a mail, but my error was organizationUnit instead of organizationalUnit. Well, now it works and I can focus on another problem with phpldapadmin, but it's another mailing list.
Thanks for your response.
Regards,
François
-----Original Message-----
From: openldap-technical-bounces+francois.mehault=netplus.fr@OpenLDAP.org [mailto:openldap-technical-bounces+francois.mehault=netplus.fr@OpenLDAP.org] On behalf of Andrew Findlay
Sent: Thursday, 23 April 2009 18:48
To: François Mehault
Cc: openldap-technical@openldap.org
Subject: Re: ldapadd: Invalid syntax (21)
Andrew
--
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------