Newbie LDIF question



I've installed OpenLDAP, and it's running happily with TLS and SASL, so the next step is to create the hierarchy.
First the organisation (itops.com in this instance), then ou=People,dc=itops,dc=com (and so on for hosts, etc, etc).
I've trawled the web for examples and I'm obviously missing something which must be staring me in the face because nothing works:


root@ldap1 # cat eg1.ldif
dn: dc=itops,dc=com
objectclass: top
objectclass: organization
o: ITOPS
description: itops

root@ldap1 # /usr/local/bin/ldapadd -c -Y DIGEST-MD5 -U Manager -W -f eg1.ldif
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: Manager
SASL SSF: 128
SASL installing layers
adding new entry "dc=itops,dc=com"
ldap_add: Naming violation (64)
additional info: naming attribute 'dc' is not present in entry


root@ldap1 #

Okay, so add a "dc" entry:

root@ldap1 # cat eg2.ldif
dn: dc=itops,dc=com
objectclass: top
objectclass: organization
o: ITOPS
dc: itops
description: itops

root@ldap1 # /usr/local/bin/ldapadd -c -Y DIGEST-MD5 -U Manager -W -f eg2.ldif
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: Manager
SASL SSF: 128
SASL installing layers
adding new entry "dc=itops,dc=com"
ldap_add: Object class violation (65)
additional info: attribute 'dc' not allowed


root@ldap1 #

So it's not allowed??? Okay, add "dcObject" ... this is all trial-and-error, as you can see:

root@ldap1 # cat eg3.ldif
dn: dc=itops,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
o: ITOPS
dc: itops
description: itops

root@ldap1 # /usr/local/bin/ldapadd -c -Y DIGEST-MD5 -U Manager -W -f eg3.ldif
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: Manager
SASL SSF: 128
SASL installing layers
adding new entry "dc=itops,dc=com"
ldap_add: No such object (32)


What does this "No such object" mean? I could add an object for "com", but it doesn't like that:

root@ldap1 # cat com.ldif
dn: dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
o: com
dc: com
description: com

root@ldap1 # /usr/local/bin/ldapadd -c -Y DIGEST-MD5 -U Manager -W -f com.ldif
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
SASL username: Manager
SASL SSF: 128
SASL installing layers
adding new entry "dc=com"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge


root@ldap1 #

There must be a really simple answer to this; can anybody shed some light?

Cheers,

Steve
steve@itops.com