
Re: Importing Netscape LDIF address book into OpenLDAP



Thomas Brown <twb0@lymenet.org> wrote:
>I suspect there is something that needs to be tweaked in the schema before
>that can happen, as the 'ldifadd' command chokes on the 'mail' field:
>
># /opt/openldap/bin/ldapadd -f import.ldif -x -D
>"cn=Manager,o=mydomain.com" -W
>Enter LDAP Password:
>adding new entry "o=mydomain.com"
>adding new entry "cn=Manager, o=mydomain.com"
>adding new entry "cn=username, o=mydomain.com"
>ldap_add: Object class violation
>        additional info: attribute 'mail' not allowed

>dn: cn=username, o=mydomain.com
>cn: username
>sn: Firstname
>mail: username@mydomain.com
>objectclass: person

>The business-end of my slapd.conf file looks like this:
>
>include         /opt/ldap/etc/openldap/schema/core.schema

Note that core.schema defines 'person' as:
        MUST ( sn $ cn )
        MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

There's no 'mail' (which is also rfc822mailbox) in there at all.

I think the most direct route would be to add to your LDIF as such:
  dn: cn=username, o=mydomain.com
  [ ... ]
  objectClass: inetOrgPerson

since that objectClass (inetOrgPerson) includes a:
  MAY ( mail )

although you would then need to include in your slapd.conf:
  include         /opt/ldap/etc/openldap/schema/inetorgperson.schema

Note:
  inetOrgPerson is in inetorgperson.schema, and
  depends on (from the SUP): organizationalPerson
and:
  organizationalPerson is in core.schema, and
  depends on (from its SUP): person
which is already included with your include of core.schema.

Make sense?


-philip

-- 
Philip Kizer, Senior Lead Systems Engineer, Texas A&M University
USENIX Liaison to Texas A&M University         <usenix@tamu.edu>
Texas A&M CIS Operating Systems Group, Unix   <pckizer@tamu.edu>
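
The check behind "attribute 'mail' not allowed", as an added example that is not part of the original message and is not slapd's own code: it walks each objectClass's SUP chain and compares the entry's attributes with the collected MUST/MAY sets. The attribute lists are reduced to what the message names, and the function and variable names are hypothetical.

```python
# Reduced model of the object class check (added illustration, not slapd code).
# Attribute lists hold only what the message names; real schema files define more.
CORE = {
    "person": {"sup": None, "must": {"sn", "cn"},
               "may": {"userpassword", "telephonenumber", "seealso", "description"}},
    "organizationalperson": {"sup": "person", "must": set(), "may": set()},  # MAY omitted
}
INETORGPERSON = {
    "inetorgperson": {"sup": "organizationalperson", "must": set(), "may": {"mail"}},
}

# Constructed from the entry quoted in the message.
ORIGINAL = """dn: cn=username, o=mydomain.com
cn: username
sn: Firstname
mail: username@mydomain.com
objectclass: person"""
FIXED = ORIGINAL + "\nobjectClass: inetOrgPerson"


def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64 values, no continuation lines)."""
    attrs = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def allowed_attrs(object_classes, loaded):
    """Union the MUST and MAY sets of every class and of each class's SUP chain."""
    must, may = set(), set()
    for oc in object_classes:
        cur = oc.lower()
        while cur is not None:
            if cur not in loaded:  # schema file defining this class was not included
                raise LookupError(f"objectClass '{cur}' not defined in loaded schema")
            must |= loaded[cur]["must"]
            may |= loaded[cur]["may"]
            cur = loaded[cur]["sup"]
    return must, may


def check_entry(text, loaded):
    """Return the list of schema violations for one entry (empty list = accepted)."""
    attrs = parse_ldif_entry(text)
    must, may = allowed_attrs(attrs.get("objectclass", []), loaded)
    present = set(attrs) - {"dn", "objectclass"}
    errors = [f"attribute '{a}' not allowed" for a in sorted(present - must - may)]
    return errors + [f"missing required attribute '{a}'" for a in sorted(must - present)]
```

Calling `check_entry(FIXED, CORE)` raises `LookupError`, which corresponds to adding the objectClass to the LDIF without the matching `include` line in slapd.conf.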