R: Adding additional schema - objectClass: value #1 invalid per syntax

[Pierangelo Masarati <pierangelo.masarati@sys-net.it>]

----- "Ed Greenberg" <edg@greenberg.org> ha scritto:

> Hi folks,
> 
> I added the following to my schema directory:
> dn: cn=schema
> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
> 'User(s) 
> who may run sudo' EQUALITY caseExactIA5Match SUBSTR 
> caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
> X-ORIGIN 'SUDO' )
> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
> 'Host(s) 
> who may run sudo' EQUALITY caseExactIA5Match SUBSTR 
> caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
> X-ORIGIN 'SUDO' )
> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 
> 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX
> 
> 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC
> 'User(s) 
> impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 
> 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 
> 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 
> 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
> objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top 
> STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser$ sudoHost

You're probably missing a whitespace between "sudoUser" and the "$".  I guess you're using OpenLDAP 2.3, which happens to often ignore errors instead of bailing out.  Run slapd with -d config to get at least a warning message, or migrate to 2.4, which is pickier about syntax errors.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------