
RE: So close and yet so annoyed...



Thanks Boris. I'll follow your advice and read the docs a bit more.
They're a little confusing and the examples are really vague.
I think your explanation is much more helpful.

I've been running blind because I didn't understand the mandatory
attributes might be screwing me up. I didn't understand that there were
mandatory attributes. Maybe I need to get the O'Reilly book on LDAP.

I altered the data in root.ldif as you suggested but I still get the
"invalid data" error. The lack of documentation on the error messages
is keeping me in the dark on deciphering the problem.

[1812] cat ldifs/root.ldif
dn: dc=sdl,dc=org
objectclass: dcObject
objectclass: organization
o: SDL
dc: sdl

dn: cn=root, dc=sdl, dc=org
objectclass: organizationalRole
cn: root
-- root@gemini [/usr/local/etc/openldap] bash --
[1813] ldapadd -v -x -D "cn=root, dc=sdl, dc=org" -f ldifs/root.ldif -w secret
ldap_initialize( <DEFAULT> )
add objectclass:
        dcObject
        organization
add o:
        SDL
add dc:
        sdl
adding new entry "dc=sdl,dc=org"
ldap_add: Invalid syntax
        additional info: value contains invalid data

ldif_record() = 21
--------------------------------


Thanks. I think I'm getting close to having this work so then I could
study it a bit more.


On Wed, 12 Dec 2001, Boris Shpungin wrote:

> Ken,
>
> I see you've made some changes to your setup...  First, make sure that you
> are starting out with a completely empty database (if there's something in
> your database already, it could interfere with the new entries you are
> trying to add.)  With LDBM it's pretty simple: just delete all the files
> under /usr/local/var/openldap-ldbm (as specified in your slapd.conf).
>
> Secondly, your ldif file:
>
> [1750] cat ldifs/root.ldif
> dn: cn=root,dc=sdl,dc=org
> objectclass: dcobject
> objectclass: top
> objectclass: organization
> dc: sdl
>
> is pretty messed up.  The root entry has to be of an organizationalRole
> objectclass, as per instructions (and in your case it isn't.)  Secondly, you
> need a special entry that matches your suffix before you can add entries
> under the suffix.  Here's what you want, given the setup you provided:
>
> dn: dc=sdl, dc=org
> objectclass: dcObject
> objectclass: organization
> o: SDL (or whatever description you want)
> dc: sdl
>
> dn: cn=root, dc=sdl, dc=org
> objectclass: organizationalRole
> cn: root
>
> You need to know several things here, which hold true not just for OpenLDAP
> but for any LDAP server.
>
> First, the various objectclasses you specify for an entry define its overall
> type.  Each objectclass specifies any number of mandatory and optional
> attributes.  Those attributes that are mandatory MUST be provided.  For
> example, the dcObject objectclass requires you to specify the value of the
> dc attribute, while organizationalRole requires the cn attribute and
> organization requires the o attribute.  To gain further insight into
> attributes and objectclasses, examine the
> /usr/local/etc/openldap/schema/core.schema file.
>
> Secondly, the leftmost component of the distinguished name (DN) of a new
> entry has to correspond to the name and value of one of the entry's
> attributes (the attribute based on which you want to ensure uniqueness of
> your entry in the LDAP tree.)  For example, if you are adding a new entry
> for your suffix "dc=sdl,dc=org", then this new entry MUST include an
> attribute-value pair "dc: sdl"; note that the "cn=root,..." entry also has
> to include the "cn: root" statement.  And so on.
>
> -Boris
>

My opinions aren't fit for public consumption
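
The two rules from Boris's explanation (mandatory attributes per objectclass, and the leftmost DN component present as an attribute-value pair), written as a small LDIF checker. This is an added example, not part of the original thread; the function names and the REQUIRED table, limited to the three object classes named above, are assumptions made for illustration.

```python
import re

# Hand-written table (assumption): only the classes and mandatory attributes named in the thread.
REQUIRED = {"dcobject": {"dc"}, "organization": {"o"}, "organizationalrole": {"cn"}}

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; no line folding, base64 or comment support."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def check_entry(dn, attrs):
    """Return the violations of the two rules for one entry."""
    problems = []
    # Rule 1: every mandatory attribute of every listed objectclass is present.
    for oc in attrs.get("objectclass", []):
        for must in sorted(REQUIRED.get(oc.lower(), ())):
            if must not in attrs:
                problems.append(f"{oc} requires attribute '{must}'")
    # Rule 2: the leftmost DN component appears as an attribute-value pair.
    rdn_attr, _, rdn_value = (p.strip() for p in dn.split(",")[0].partition("="))
    if rdn_value.lower() not in (v.lower() for v in attrs.get(rdn_attr.lower(), [])):
        problems.append(f"RDN '{rdn_attr}={rdn_value}' has no matching '{rdn_attr}: {rdn_value}'")
    return problems

def check_ldif(text):
    return {dn: check_entry(dn, attrs) for dn, attrs in parse_ldif(text)}

# Both samples are copied from the thread: the earlier file and the revised one.
BROKEN = """dn: cn=root,dc=sdl,dc=org
objectclass: dcobject
objectclass: top
objectclass: organization
dc: sdl"""
FIXED = """dn: dc=sdl,dc=org
objectclass: dcObject
objectclass: organization
o: SDL
dc: sdl

dn: cn=root, dc=sdl, dc=org
objectclass: organizationalRole
cn: root"""
```

check_ldif(BROKEN) reports the missing o attribute and the unmatched cn=root RDN, while check_ldif(FIXED) reports nothing. Passing these two checks does not mean slapd will accept the file: FIXED matches the revised root.ldif in the thread, which still returned "Invalid syntax".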