Adding additional schema - objectClass: value #1 invalid per syntax
- To: openldap-software@openldap.org
- Subject: Adding additional schema - objectClass: value #1 invalid per syntax
- From: Ed Greenberg <edg@greenberg.org>
- Date: Mon, 09 Jun 2008 13:06:10 -0700
- User-agent: Thunderbird 2.0.0.14 (X11/20080501)
Hi folks,
I added the following to my schema directory:
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s)
who may run sudo' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s)
who may run sudo' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s)
impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC
'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top
STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser$ sudoHost $
sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
and referenced it in slapd.conf as:
include /etc/openldap/schema/sudoers.schema
When I try to add this:
dn: cn=SU_WGADMIN,ou=SUDOers,dc=geni,dc=com
sudoHost: +srv-web
sudoHost: +srv-rs
sudoHost: +srv-memc
sudoHost: +srv-db
sudoHost: +srv-admin
sudoHost: +srv-office
sudoHost: +srv-solr
sudoHost: +srv-sn
sudoCommand: /bin/su - wgadmin
sudoCommand: /bin/su -l wgadmin
sudoCommand: /bin/su -l qa
sudoCommand: /bin/su - qa
sudoOption: !authenticate
objectClass: top
objectClass: sudoRole
cn: SU_WGADMIN
sudoUser: +ppl-eng
sudoUser: +fp-automation
I get the error:
add sudoHost:
+srv-web
+srv-rs
+srv-memc
+srv-db
+srv-admin
+srv-office
+srv-solr
+srv-sn
add sudoCommand:
/bin/su - wgadmin
/bin/su -l wgadmin
/bin/su -l qa
/bin/su - qa
add sudoOption:
!authenticate
add objectClass:
top
sudorole
add cn:
SU_WGADMIN
add sudoUser:
+ppl-eng
+fp-automation
adding new entry "cn=SU_WGADMIN,ou=SUDOers,dc=geni,dc=com"
modify complete
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
Trimming things down to just
dn: cn=SU_WGADMIN,ou=SUDOers,dc=geni,dc=com
objectClass: top
objectClass: sudoRole
cn: SU_WGADMIN
produces the same error, which makes sense. Reversing top and sudoRole
migrates the error from value #1 to value #0, which also makes sense.
On reviewing the list of available objectClasses with the GQ
application, I can't find the objectClass sudoRole, although I _can_
find the five attributes in the attribute list.
I can't find a log that might tell me what is being loaded, and slapd
starts without error.
I also can't figure out how to dump the schemas with ldapsearch or any
other command, so I can check to see for myself what's in there.
Can anybody tell me what might be wrong, or how to continue to
investigate the problem?
Thanks,
</edg>
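
Added example, not part of the original post: slapd numbers an entry's objectClass values from 0 and rejects a value naming a class that its loaded schema does not define, which matches the error index moving from #1 to #0 when the two values are swapped. The Python sketch below compares an entry's objectClass values against the classes in a subschema dump and reports the index of each undefined one. The function names and the subschema sample are constructed for illustration; the entry is the trimmed one from the post.

```python
import re

# Constructed sample of a subschema dump (for instance saved from a base-scope
# search of cn=Subschema requesting objectClasses); one value is LDIF-folded.
SUBSCHEMA_LDIF = """\
dn: cn=Subschema
objectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT
  MUST objectClass )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
"""

# The trimmed entry from the post.
ENTRY_LDIF = """\
dn: cn=SU_WGADMIN,ou=SUDOers,dc=geni,dc=com
objectClass: top
objectClass: sudoRole
cn: SU_WGADMIN
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    return re.sub(r"\n ", "", ldif)

def values(ldif, attr):
    """Return the values of attr in file order; attribute names compare case-insensitively."""
    out = []
    for line in unfold(ldif).splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attr.lower():
            out.append(value.strip())
    return out

def defined_classes(subschema_ldif):
    """Collect every objectClass name, including aliases in NAME ( 'a' 'b' ), lower-cased."""
    names = set()
    for definition in values(subschema_ldif, "objectClasses"):
        m = re.search(r"\bNAME\s+(\(\s*[^)]*\)|'[^']*')", definition)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']*)'", m.group(1)))
    return names

def undefined_object_classes(entry_ldif, subschema_ldif):
    """Return (index, value) for each objectClass value the schema does not define."""
    known = defined_classes(subschema_ldif)
    return [(i, v) for i, v in enumerate(values(entry_ldif, "objectClass"))
            if v.lower() not in known]

if __name__ == "__main__":
    for i, v in undefined_object_classes(ENTRY_LDIF, SUBSCHEMA_LDIF):
        print(f"objectClass: value #{i} ({v}) is not defined in the served schema")
```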