Re: Importing Netscape LDIF address book into OpenLDAP
Thomas Brown <twb0@lymenet.org> wrote:
>I suspect there is something that needs to be tweaked in the schema before
>that can happen, as the 'ldifadd' command chokes on the 'mail' field:
>
># /opt/openldap/bin/ldapadd -f import.ldif -x -D
>"cn=Manager,o=mydomain.com" -W
>Enter LDAP Password:
>adding new entry "o=mydomain.com"
>adding new entry "cn=Manager, o=mydomain.com"
>adding new entry "cn=username, o=mydomain.com"
>ldap_add: Object class violation
> additional info: attribute 'mail' not allowed
>dn: cn=username, o=mydomain.com
>cn: username
>sn: Firstname
>mail: username@mydomain.com
>objectclass: person
>The business-end of my slapd.conf file looks like this:
>
>include /opt/ldap/etc/openldap/schema/core.schema
Note that core.schema defines 'person' as:
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
There's no 'mail' (which is also rfc822mailbox) in there at all.
I think the most direct route would be to add to your LDIF as such:
dn: cn=username, o=mydomain.com
[ ... ]
objectClass: inetOrgPerson
since that objectClass (inetOrgPerson) includes a:
MAY ( mail )
although you would then need to include in your slapd.conf:
include /opt/ldap/etc/openldap/schema/inetorgperson.schema
Note:
inetOrgPerson is in inetorgperson.schema, and
depends on (from the SUP): organizationalPerson
and:
organizationalPerson is in core.schema, and
depends on (from its SUP): person
which is already included with your include of core.schema.
Make sense?
-philip
--
Philip Kizer, Senior Lead Systems Engineer, Texas A&M University
USENIX Liaison to Texas A&M University <usenix@tamu.edu>
Texas A&M CIS Operating Systems Group, Unix <pckizer@tamu.edu>
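
The objectClass check discussed in the message above, as an added example that is not part of the original post and is not OpenLDAP's own code. The schema table is a simplified subset built only from the definitions quoted in the message (organizationalPerson's own attributes are omitted), and the function names are hypothetical.

```python
# Added example: simplified objectClass check, not OpenLDAP's own code.
# SCHEMA holds only what the message quotes; real schema files define more.
SCHEMA = {
    "person": {"sup": None, "must": {"sn", "cn"},
               "may": {"userPassword", "telephoneNumber", "seeAlso", "description"}},
    "organizationalPerson": {"sup": "person", "must": set(), "may": set()},
    "inetOrgPerson": {"sup": "organizationalPerson", "must": set(), "may": {"mail"}},
}

def parse_ldif_entry(text):
    """Parse one unfolded LDIF entry into (dn, {attr_lower: [values]})."""
    dn, attrs = None, {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def allowed_attributes(object_classes):
    """Walk each class's SUP chain; return (must, may) as lowercase sets."""
    by_name = {k.lower(): v for k, v in SCHEMA.items()}
    must, may = set(), {"objectclass"}
    for oc in object_classes:
        cur = oc.lower()
        while cur is not None:
            if cur not in by_name:  # e.g. the schema file was never included
                raise KeyError(f"objectClass {cur!r} not in loaded schema")
            d = by_name[cur]
            must |= {a.lower() for a in d["must"]}
            may |= {a.lower() for a in d["may"]}
            cur = d["sup"].lower() if d["sup"] else None
    return must, may

def check_entry(text):
    dn, attrs = parse_ldif_entry(text)
    must, may = allowed_attributes(attrs.get("objectclass", []))
    present = set(attrs)
    errors = [f"attribute '{a}' not allowed" for a in sorted(present - must - may)]
    errors += [f"missing required attribute '{a}'" for a in sorted(must - present)]
    return errors

# Entry from the quoted message, then the same entry with the suggested class added.
FAILING = "dn: cn=username, o=mydomain.com\ncn: username\nsn: Firstname\nmail: username@mydomain.com\nobjectclass: person"
FIXED = FAILING + "\nobjectClass: inetOrgPerson"
```
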