[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap schema

To: openldap-software@OpenLDAP.org
Subject: Re: ldap schema
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Thu, 15 Sep 2005 21:01:32 +0200
In-reply-to: <OF925DBB3B.4A087991-ON8525707D.003FF63E@plasticmoldings.com> (slyle@plasticmoldings.com's message of "Thu, 15 Sep 2005 07:50:52 -0400")
References: <OF925DBB3B.4A087991-ON8525707D.003FF63E@plasticmoldings.com>
User-agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.5 (chestnut, linux)

slyle@plasticmoldings.com writes:

> What is the easy way / resources you know of to come up to speed on ldap 
> schema?
>
> I'm not finding a whole lo of support for understanding schema except to 
> read the schema files.
> Even then they are rather cryptic and difficult to relate to in functional 
> / actionable / practical information.
>
> There seems to be even less error trapping & reporting support from ldap 
> when ldapadd parses a ldif file.
> For example: I attempted to import:
> ---
> dn: uid=bbonzai,ou=People,dc=pmc
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount

> ---
> ldap_add: Invalid syntax (21)
>         additional info: objectClass: value #1 invalid per syntax
> ---
> Which of the four objectClasses above are in error?
> Which schema of the five default (from the slapd.conf included in the 
> installation of version 2.2.28) is being used to define the syntax so I 
> can lookup the correct schema?

The object class account will get you into trouble, as it is not what
you probably think it should be :-)
An account is not a person!
You are better off with object classes of the person chain,
inetorgperson would be a good choice.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

References:
- ldap schema
  - From: slyle@plasticmoldings.com

Prev by Date: Re: BDB Corruption problems
Next by Date: Re: OpenLDAP as kerberos client?
Index(es):
- Chronological
- Thread