    #1
    OpenLDAP - much confusion when adding entries


    Hello all,

    I've successfully installed OpenLDAP, got it running, written my own schema, and had slapd start fine with the schema I created.

    I'm now trying to add things using ldapadd and LDIF files.

    I've already added an organization, and now I'm trying to add an ou (using organizationalUnit), as I gather I need to add new people entries branched from this.

    It isn't working: using this in the LDIF file:

    dn: ou=People, o=myOrganisation, dc=myDomain, dc=com
    objectclass: organizationalUnit
    ou=People

    I get the following error:

    No such object matched DN: dc=myDomain, dc=com
    ldif_record()=32

    Even though my slapd.conf file shows dc=myDomain, dc=com.

    I've successfully added the following (using the OpenLDAP quick start guide):

    dn: dc=myDomain,dc=com
    objectclass: dcObject
    objectclass: organization
    o: myOrganization
    dc: myDomain

    dn: cn=Manager,dc=myDomain,dc=com
    objectclass: organizationalRole
    cn: Manager

    I'm a bit lost now. I don't really understand whereabouts my actual people (who subclass from inetorgperson) go, and although I've heard they should go under o=People, I've yet to get that to work.

    In short, I'm confused. Would anyone be able to give me any pointers?

    TIA,
    Gemma
  2. #2
  3. Chris Larivee
    You are all set - but you need to add the o=myOrganisation prior to adding the ou=People. Your previously added entry - though containing an o=myOrganisation doesn't do it. In fact - you should remove the o=myOrganisation attribute from your domainComponent so that:

    dn: dc=myDomain,dc=com
    objectclass: dcObject
    dc: myDomain

    dn: o=myOrganisation,dc=myDomain,dc=com
    objectclass: organization
    o: myOrganisation

    Then add:

    dn: ou=People, o=myOrganisation, dc=myDomain, dc=com
    objectclass: organizationalUnit
    ou: People

    That should do it for you ...

    HTH
  4. #3
    Thanks so much!

    That makes a lot more sense than the example I was trying in the QuickStart Guide...

    Thanks for your help
    Gemma

  6. #4
    Hello, sorry, got a further question

    How do you go about removing the o=myOrganization from the dcObject?

    I've tried ldapmodify using

    dn: dc=myDomain, dc=com
    changetype: modify
    delete : o

    and it didn't work. I tried to delete the whole dc=myDomain, dc=com but it refused.

    Could you provide any hints please?

    Thanks
  8. #5
  9. Chris Larivee
    Does the command give you any errors at runtime?

    Your ldif looks basically correct - though there is a space between delete and :

    Ideally it would look like:

    dn: dc=myDomain, dc=com
    changetype: modify
    delete: o

    Then:

    ldapmodify -h host -p port -D "binddn" -w bindpw -v -f xxx.ldif

    you should see:

    ldap_init( yourhost, yourport)
    delete o:
    modifying entry dc=myDomain,dc=com
    modify complete

    If it fails - the -v option on the ldapmodify will tell you why (or it should) - or you can check the error log on the directory server for more information ....

    HTH - let me know if it doesn't
  10. #6
    Yeah, I'm getting an objectclass error: missing required attribute. Is this cos I specified to use objectclass: organization in the dcObject bit? If so... how does one remove that?

    In the worst case.... would I need to delete all the data and start again? How would I do this?!

    Thanks so much for your help, it seems OpenLDAP and its associations are a bit difficult to find good info on...

    Thanks!
    Gemma
  12. #7
  13. Chris Larivee
    Hmm - that is a strange error to get during deletion - you didn't specify that (o=myOrganization) in the slapd.conf file did you?

    My next suggestion - to avoid having to delete and re-create the root suffix - is to use a tool like ldapbrowser to attempt deleting the o entry.

    To do this - specifically - you would need to connect to your server as the manager and left click on your root suffix. The attributes associated with this suffix will appear on the right hand side - simply right click the o attribute (not the value) and select edit - then delete value - and click ok.

    You may not have the ldapbrowser tool yet - but you will eventually need it anyway ... You can get it from:

    http://www.iit.edu/~gawojar/ldap/
  14. #8
    Nope, nothing odd like such in the slapd.conf. I tried deleting the attribute through ldapbrowser, but got the same message, so I rebuilt the tree. Since I hadn't managed to add anything meaningful anyway, it didn't take long.

    One other thing: I've now got the o and ou set properly, but cannot add new people under ou=People. When I try to add a new record, I get an "incorrect syntax" kind of error against the following line:

    dn: cn=Sample Name, ou=People, o=myOrganization, dc=myDomain, dc=com

    I find this odd, since I've extended inetorgperson, and nothing else is required.... I also can't see anything wrong with this line, but then, I am a bit new to LDIF formatting...

    Have you any advice?

    Thanks so much for your wisdom and patience
  16. #9
  17. Chris Larivee
    I hate to be a pain - but could you just paste that LDIF record (and the next one if you have more than one) on this site - just to be sure it looks ok?

    Thanks ...
  18. #10
    Here it is, I should have posted it earlier really...

    (bear in mind it contains bits from my custom schema, which contains the objects emailPerson and NameViewPerson)

    dn: cn=Gemma Turtle, ou=People, o=myOrganization, dc=myDomain, dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetorgPerson
    objectclass: emailPerson
    objectclass: NameViewPerson
    cn=Gemma Turtle
    sn=Turtle
    telephoneNumber=000000000
    departmentNumber=0001
    employeeNumber=138016
    employeeType=Temp
    givenName=Gemma Turtle
    labeledURI=www.aWebSite.com
    mobile=00000000000
    roomNumber=43f
    uid=T138016
    reportsTo=138019
    countryCode=UK

    Even if I # out bits of it it still objects to the first line
  20. #11
  21. Chris Larivee
    Do you by chance have logging enabled? If so you may be able to discern the problem by attempting the addition then checking the error log - which is usually pretty descriptive as to why things fail - as opposed to the invalid syntax error. Moving forward it is always a good idea to enable the error log for this type of activity.

    The LDIF looks fine - but I am not familiar with your schema hierarchy - so it's a little hard to say for sure. Enabling the error log should let us know if there are schema issues.
  22. #12
    I'm now a little confused as to how syslogd handles log information, and where it writes it to...

    Once I've figured this out and generated some logs, I shall post them

    Thanks for your help!
  24. #13
    Hello there again... I've configured OpenLDAP to log at levels -1 and 256, and configured syslogd to receive the messages and store them, but I'm not getting any from that request. I'm totally clueless now... Any ideas?
  26. #14
  27. Chris Larivee
    Howdy - two things to try:

    1. Could you post the objectclass definitions for emailPerson and NameViewPerson

    2. Have you tried adding (only as a test) the entry with an RDN tied to uid - like adding:

    dn: uid=T138016, ou=People, o=myOrganization, dc=myDomain, dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetorgPerson
    objectclass: emailPerson
    objectclass: NameViewPerson
    cn=Gemma Turtle
    sn=Turtle
    telephoneNumber=000000000
    departmentNumber=0001
    employeeNumber=138016
    employeeType=Temp
    givenName=Gemma Turtle
    labeledURI=www.aWebSite.com
    mobile=00000000000
    roomNumber=43f
    uid=T138016
    reportsTo=138019
    countryCode=UK

    I can't imagine this would work - but it will help narrow down the issue if it succeeds.
  28. #15
    Hello there,

    From trying to add the record with uid instead of cn in the top line, I've got the same incorrect format error message. My extended schema is as follows....

    attributetype (1.1.2.1.1 NAME 'mailHost'
    DESC 'User mail host'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.1.2 NAME 'reportsTo'
    DESC 'Manager of this user'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.1 NAME 'calendar'
    DESC 'User calendar server'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.2 NAME 'desktopHost'
    DESC 'User desktop'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.3 NAME 'extendedAddress'
    DESC 'Internal mailstop'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.4 NAME 'extensionPhone'
    DESC 'Internal extension number'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.5 NAME 'globalLocation'
    DESC 'Building'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.6 NAME 'nickname'
    DESC 'User nickname or preferred name'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.7 NAME 'pagerEmail'
    DESC 'Email to pager address'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.8 NAME 'altContact'
    DESC 'Alternative contact'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.9 NAME 'rfc822Recipient'
    DESC 'All valid mail addresses'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    attributetype (1.1.2.2.10 NAME 'countryCode'
    DESC 'Country code'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)


    objectclass (1.1.2.1 NAME 'emailPerson' SUP inetOrgPerson
    STRUCTURAL
    MAY ( mailHost $
    reportsTo ) )

    objectclass (1.1.2.2 NAME 'NameViewPerson' SUP emailPerson
    STRUCTURAL
    MUST ( cn $
    sn )
    MAY ( calendar $
    desktopHost $
    extendedAddress $
    extensionPhone $
    globalLocation $
    nickname $
    pagerEmail $
    altContact $
    rfc822Recipient $
    countryCode ) )

    Apologies for the awful formatting... hopefully this makes sense / is correct

    Thanks for your continued help!
    Gemma
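
Added example (not part of the original thread, and not code from any poster): a small Python lint for an LDIF file of entries to add, flagging the two problems that appear in the records above, a line that is not in RFC 2849 `attribute: value` form (such as `ou=People`) and an entry whose parent is not created earlier in the file, which ldapadd reports as error 32 when the parent is also missing from the directory. The names `lint_ldif`, `norm` and `SAMPLE` are hypothetical, the sample is constructed from the records quoted in the thread, and the suffix entry is assumed to exist.

```python
import re

# Constructed sample that mirrors the records posted in this thread.
SAMPLE = """\
dn: dc=myDomain,dc=com
objectclass: dcObject
objectclass: organization
o: myOrganization
dc: myDomain

dn: ou=People, o=myOrganization, dc=myDomain, dc=com
objectclass: organizationalUnit
ou=People
"""

# RFC 2849 attrval-spec starts with "attr:", "attr::" (base64) or "attr:<" (URL).
ATTR_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*:")

def norm(dn):
    """Crude DN normaliser: lower-case, trim around commas (ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint_ldif(text, suffix):
    """Return [(line_no, message)] for an LDIF file of entries to add under suffix."""
    # Assumption: the suffix entry itself already exists or is created by this file.
    findings, seen, expect_dn = [], {norm(suffix)}, True
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():              # blank line ends the current record
            expect_dn = True
        elif line[0] in "# ":             # comment or folded continuation line
            continue
        elif not ATTR_LINE.match(line):
            findings.append((no, "not 'attribute: value': " + line))
        elif expect_dn and not line.lower().startswith("version:"):
            expect_dn = False
            if not line.lower().startswith("dn:") or line[3:4] == ":":
                findings.append((no, "expected a plain-text 'dn:' line"))
                continue
            dn = norm(line[3:])
            parent = dn.partition(",")[2]
            if dn not in seen and parent not in seen:
                findings.append((no, "parent not added earlier in this file: " + parent))
            seen.add(dn)
    return findings

if __name__ == "__main__":
    for no, msg in lint_ldif(SAMPLE, "dc=myDomain,dc=com"):
        print(f"line {no}: {msg}")
```

Run against the person record posted earlier in the thread, the same check flags every `cn=...`, `sn=...` style line, since each uses `=` where LDIF expects `: `.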