[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap schema
Thank you that is good input.
Just to re-phrase you are implying I should change "objectClass: account" to "objectClass: inetorgperson"
Is this your suggestion?
"Dieter Kluenter" <dieter@dkluenter.de>
Sent by: owner-openldap-software@OpenLDAP.org
09/15/2005 03:01 PM
To: openldap-software@OpenLDAP.org
cc: (bcc: Steve Lyle/PlasticMoldings)
Subject: Re: ldap schema
slyle@plasticmoldings.com writes:
> What is the easy way / resources you know of to come up to speed on ldap
> schema?
>
> I'm not finding a whole lo of support for understanding schema except to
> read the schema files.
> Even then they are rather cryptic and difficult to relate to in
functional
> / actionable / practical information.
>
> There seems to be even less error trapping & reporting support from ldap
> when ldapadd parses a ldif file.
> For example: I attempted to import:
> ---
> dn: uid=bbonzai,ou=People,dc=pmc
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: shadowAccount
> ---
> ldap_add: Invalid syntax (21)
> additional info: objectClass: value #1 invalid per syntax
> ---
> Which of the four objectClasses above are in error?
> Which schema of the five default (from the slapd.conf included in the
> installation of version 2.2.28) is being used to define the syntax so I
> can lookup the correct schema?
The object class account will get you into trouble, as it is not what
you probably think it should be :-)
An account is not a person!
You are better off with object classes of the person chain,
inetorgperson would be a good choice.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6