#1
OpenLDAP - much confusion when adding entries

Hello all,

I've successfully installed OpenLDAP, got it running, written my own schema, and had slapd start fine with the schema I created. I'm now trying to add things using ldapadd and ldif files. I've already added an organization, and now I'm trying to add an ou (using organizationalUnit), as I gather I need to add new people entries branched from this. It isn't working: using this in the LDIF file:

    dn: ou=People, o=myOrganisation, dc=myDomain, dc=com
    objectclass: organizationalUnit
    ou=People

I get the following error:

    No such object
    matched DN: dc=myDomain, dc=com
    ldif_record()=32

Even though my slapd.conf file shows dc=myDomain, dc=com. I've successfully added the following (using the OpenLDAP quick start guide):

    dn: dc=myDomain,dc=com
    objectclass: dcObject
    objectclass: organization
    o: myOrganization
    dc: myDomain

    dn: cn=Manager,dc=myDomain,dc=com
    objectclass: organizationalRole
    cn: Manager

I'm a bit lost now. I don't really understand whereabouts my actual people (who subclass from inetorgperson) go, and although I've heard they should go under o=People, I've yet to get that to work.

In short, I'm confused. Would anyone be able to give me any pointers?

TIA,
Gemma

#2
You are all set - but you need to add the o=myOrganisation prior to adding the ou=People. Your previously added entry - though containing an o=myOrganisation - doesn't do it. In fact - you should remove the o=myOrganisation attribute from your domainComponent so that:

    dn: dc=myDomain,dc=com
    objectclass: dcObject
    dc: myDomain

    dn: ou=myOrganisation,dc=myDomain,dc=com
    objectclass: organization
    o: myOrganization

Then add:

    dn: ou=People, o=myOrganisation, dc=myDomain, dc=com
    objectclass: organizationalUnit
    ou=People

That should do it for you ...

HTH

#3
Thanks so much!

That makes a lot more sense than the example I was trying in the QuickStart Guide... Thanks for your help.

Gemma

#4
Hello, sorry, got a further question.

How do you go about removing the o=myOrganization from the dcObject? I've tried ldapmodify using

    dn: dc=myDomain, dc=com
    changetype: modify
    delete : o

and it didn't work. I tried to delete the whole dc=myDomain, dc=com but it refused. Could you provide any hints please?

Thanks

#5
Does the command give you any errors at runtime?

Your ldif looks basically correct - though there is a space between delete and :

Ideally it would look like:

    dn: dc=myDomain, dc=com
    changetype: modify
    delete: o

Then:

    ldapmodify -h host -p port -D "binddn" -w bindpw -v -f xxx.ldif

you should see:

    ldap_init( yourhost, yourport)
    delete o:
    modifying entry dc=myDomain,dc=com
    modify complete

If it fails - the -v option on the ldapmodify will tell you why (or it should) - or you can check the error log on the directory server for more information ....

HTH - let me know if it doesn't

#6
Yeah, I'm getting an objectclass error: missing required attribute. Is this cos I specified to use objectclass: organization in the dcObject bit? If so... how does one remove that?

In the worst case.... would I need to delete all the data and start again? How would I do this?!

Thanks so much for your help, it seems OpenLDAP and its associations are a bit difficult to find good info on...

Thanks!
Gemma

#7
Hmm - that is a strange error to get during deletion - you didn't specify that (o=myOrganization) in the slapd.conf file did you?

My next suggestion - to avoid having to delete and re-create the root suffix - is to use a tool like ldapbrowser to attempt deleting the o entry. To do this - specifically - you would need to connect to your server as the manager and left click on your root suffix. The attributes associated with this suffix will appear on the right hand side - simply right click the o attribute (not the value) and select edit - then delete value - and click ok.

You may not have the ldapbrowser tool yet - but you will eventually need it anyway ... You can get it from: http://www.iit.edu/~gawojar/ldap/

#8
Nope, nothing odd like such in the slapd.conf. I tried deleting the attribute through ldapbrowser, but got the same message, so I rebuilt the tree. Since I hadn't managed to add anything meaningful anyway, it didn't take long.

One other thing: I've now got the o and ou set properly, but cannot add new people under ou=People. When I try to add a new record, I get an "incorrect syntax" kind of error against the following line:

    dn: cn=Sample Name, ou=People, o=myOrganization, dc=myDomain, dc=com

I find this odd, since I've extended inetorgperson, and nothing else is required.... I also can't see anything wrong with this line, but then, I am a bit new to LDIF formatting... Have you any advice?

Thanks so much for your wisdom and patience

#9
I hate to be a pain - but could you just paste that LDIF record (and the next one if you have more than one) on this site - just to be sure it looks ok?

Thanks ...

#10
Here it is, I should have posted it earlier really...

(bear in mind it contains bits from my custom schema, which contains the objects emailPerson and NameViewPerson)

    dn: cn=Gemma Turtle, ou=People, o=myOrganization, dc=myDomain, dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetorgPerson
    objectclass: emailPerson
    objectclass: NameViewPerson
    cn=Gemma Turtle
    sn=Turtle
    telephoneNumber=000000000
    departmentNumber=0001
    employeeNumber=138016
    employeeType=Temp
    givenName=Gemma Turtle
    labeledURI=www.aWebSite.com
    mobile=00000000000
    roomNumber=43f
    uid=T138016
    reportsTo=138019
    countryCode=UK

Even if I # out bits of it it still objects to the first line

#11
Do you by chance have logging enabled? If so you may be able to discern the problem by attempting the addition then checking the error log - which is usually pretty descriptive as to why things fail - as opposed to the invalid syntax error. Moving forward it is always a good idea to enable the error log for this type of activity.

The LDIF looks fine - but I am not familiar with your schema hierarchy - so it's a little hard to say for sure. Enabling the error log should let us know if there are schema issues.

#12
I'm now a little confused as to how syslogd handles log information, and where it writes it to...

Once I've figured this out and generated some logs, I shall post them.

Thanks for your help!

#13
Hello there again... I've configured openldap to log at levels -1 and 256, and configured syslogd to receive the messages and store them, but I'm not getting any from that request.

I'm totally clueless now... Any ideas?

#14
Howdy - two things to try:

1. Could you post the objectclass definitions for emailPerson and NameViewPerson?
2. Have you tried adding (only as a test) the entry with an RDN tied to uid - like adding:

    dn: uid=T138016, ou=People, o=myOrganization, dc=myDomain, dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetorgPerson
    objectclass: emailPerson
    objectclass: NameViewPerson
    cn=Gemma Turtle
    sn=Turtle
    telephoneNumber=000000000
    departmentNumber=0001
    employeeNumber=138016
    employeeType=Temp
    givenName=Gemma Turtle
    labeledURI=www.aWebSite.com
    mobile=00000000000
    roomNumber=43f
    uid=T138016
    reportsTo=138019
    countryCode=UK

I can't imagine this would work - but it will help narrow down the issue if it succeeds.

#15
Hello there,

From trying to add the record with uid instead of cn in the top line, I've got the same incorrect format error message. My extended schema is as follows....

    attributetype (1.1.2.1.1 NAME 'mailHost' DESC 'User mail host' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.1.2 NAME 'reportsTo' DESC 'Manager of this user' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.1 NAME 'calendar' DESC 'User calendar server' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.2 NAME 'desktopHost' DESC 'User desktop' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.3 NAME 'extendedAddress' DESC 'Internal mailstop' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.4 NAME 'extensionPhone' DESC 'Internal extension number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.5 NAME 'globalLocation' DESC 'Building' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.6 NAME 'nickname' DESC 'User nickname or preferred name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.7 NAME 'pagerEmail' DESC 'Email to pager address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.8 NAME 'altContact' DESC 'Alternative contact' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.9 NAME 'rfc822Recipient' DESC 'All valid mail addresses' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
    attributetype (1.1.2.2.10 NAME 'countryCode' DESC 'Country code' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

    objectclass (1.1.2.1 NAME 'emailPerson' SUP inetOrgPerson STRUCTURAL
        MAY ( mailHost $ reportsTo ) )

    objectclass (1.1.2.2 NAME 'NameViewPerson' SUP emailPerson STRUCTURAL
        MUST ( cn $ sn )
        MAY ( calendar $ desktopHost $ extendedAddress $ extensionPhone $
              globalLocation $ nickname $ pagerEmail $ altContact $
              rfc822Recipient $ countryCode ) )

Apologies for the awful formatting... hopefully this makes sense / is correct.

Thanks for your continued help!
Gemma

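Added example, not part of any post in the thread: a Python linter for the two LDIF rules the replies raise, that a child entry needs its parent added first (post #2) and that an attribute line is written `attribute: value` with the colon directly after the name (post #5). The sample file is constructed from entries quoted in the thread; `lint_ldif`, `norm_dn` and the comma-split DN handling are assumptions of this example.

```python
import re

# Constructed sample, assembled from entries quoted in the thread.
SAMPLE = """\
dn: dc=myDomain,dc=com
objectclass: dcObject
objectclass: organization
o: myOrganization
dc: myDomain

dn: ou=People, o=myOrganization, dc=myDomain, dc=com
objectclass: organizationalUnit
ou=People

dn: dc=myDomain,dc=com
changetype: modify
delete : o
"""

# An attribute description (name plus optional ;options) followed at once by ':'.
ATTR_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*:")

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas so equal DNs compare equal.
    Assumption: no escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def lint_ldif(text, suffix):
    """Return (line_number, message) findings, assuming the directory holds
    the suffix entry at most, plus whatever this file adds."""
    suffix = norm_dn(suffix)
    findings, known = [], {suffix}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith(("#", " ", "-")):
            continue  # blank separator, comment, continuation line, or '-' divider
        if not ATTR_LINE.match(line):
            findings.append((n, "expected 'attribute: value', got %r" % line))
            continue
        name, value = line.split(":", 1)
        if name.lower() == "dn":
            dn = norm_dn(value)
            parent = dn.split(",", 1)[1] if "," in dn else ""
            if dn != suffix and parent not in known:
                findings.append((n, "parent %r not added before this entry" % parent))
            known.add(dn)
    return findings

if __name__ == "__main__":
    for n, message in lint_ldif(SAMPLE, "dc=myDomain,dc=com"):
        print("line %d: %s" % (n, message))
```

Running it over a file before ldapadd or ldapmodify reports the line number of each finding, which is easier to act on than a result code returned for the whole record.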