Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
- To: Howard Chu <hyc@symas.com>
- Subject: Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX
- From: Konstantin Boyandin <temmokan@gmail.com>
- Date: Thu, 13 Jan 2011 14:11:58 +0600
- Cc: openldap-technical@openldap.org
- In-reply-to: <4D2EAC38.9040303@symas.com>
- References: <4D2E90C5.9080707@gmail.com> <4D2EAC38.9040303@symas.com>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7
13.01.2011 13:39, Howard Chu writes:
> Konstantin Boyandin wrote:
>> Hello,
>>
>> OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
>>
>> In order to enable ppolicy overlay, I am trying to create the relevant
>> entries, as specified in
>>
>> http://www.openldap.org/doc/admin24/overlays.html#Password%20Policies
>>
>> I import two LDIFs, first:
>>
>> dn: ou=Policies,dc=example,dc=com
>> objectClass: organizationalUnit
>> objectClass: top
>> ou: Policies
>>
>> and second
>>
>> dn: cn=default,ou=Policies,dc=example,dc=com
>> cn: default
>> objectClass: top
>> objectClass: pwdPolicy
>> objectClass: person
>> pwdAllowUserChange: TRUE
>> pwdAttribute: userPassword
>> pwdCheckQuality: 2
>> pwdExpireWarning: 600
>> pwdFailureCountInterval: 30
>> pwdGraceAuthNLimit: 2
>> pwdInHistory: 5
>> pwdLockout: TRUE
>> pwdLockoutDuration: 0
>> pwdMaxAge: 7776000
>> pwdMaxFailure: 5
>> pwdMinAge: 0
>> pwdMinLength: 5
>> pwdMustChange: FALSE
>> pwdSafeModify: FALSE
>> sn: dummy value
>>
>> The first loads OK.
>> When I try to import the second, I receive this diagnostic:
>>
>> Could not add object cn=default,ou=Policies,dc=itelsib,dc=com
>> Message: Invalid syntax
>> Error code: 0x15 (LDAP_INVALID_SYNTAX)
>> Error description: An invalid attribute value was specified.
>>
>> Could someone suggest what's wrong with the attribute name?
>
> OpenLDAP never produces the text you provided above. It seems you're
> using some other LDAP tool to do this import, and it is not showing you
> the actual error message sent from the server. OpenLDAP slapd will
> always identify the actual attribute and value that causes an error. I
> suggest you try importing this entry with OpenLDAP's ldapadd and examine
> the error message from there.

I tried importing with slapadd. The output:

str2entry: invalid value for attributeType pwdAttribute #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=22)

The error above refers to the allowed value of pwdAttribute, which can
only be userPassword now.

The problem is the value for this attribute in LDIF *is* userPassword,
as in the cited sample. I checked the LDIF - no 'invisible' characters
around the value.

JFYI, I checked the values for the attributes using the man page. This, and
other references provided with packages, is where I look first prior to
asking on the Net.
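
Added example, not part of the original message: a Python check for the LDIF-level condition discussed above, namely that the pwdAttribute value carries no hidden bytes and matches the grammar of the OID syntax (1.3.6.1.4.1.1466.115.121.1.38) as defined in RFC 4512. The function name, the sample LDIF and the finding messages are constructed for illustration; the check looks only at the file and does not reproduce slapd's own schema lookup.

```python
import re

# RFC 4512: oid = descr / numericoid
DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")
NUMERICOID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+\Z")
BOM = b"\xef\xbb\xbf"

# Constructed sample: a subset of the policy entry quoted in the message.
SAMPLE = (b"dn: cn=default,ou=Policies,dc=example,dc=com\n"
          b"cn: default\n"
          b"objectClass: pwdPolicy\n"
          b"pwdAttribute: userPassword\n"
          b"pwdLockout: TRUE\n")


def check_oid_values(ldif_bytes, attr="pwdAttribute"):
    """Return (line_no, problem) tuples for each `attr` line in raw LDIF bytes.

    An empty list means every value is a clean descr or numericoid.
    """
    findings = []
    wanted = attr.lower().encode("ascii")
    # Split on LF only, so a stray CR stays attached to the value and is seen.
    for no, raw in enumerate(ldif_bytes.split(b"\n"), start=1):
        if no == 1 and raw.startswith(BOM):
            findings.append((no, "file starts with a UTF-8 byte order mark"))
            raw = raw[len(BOM):]
        name, sep, rest = raw.partition(b":")
        if not sep or name.lower() != wanted:
            continue
        if rest.startswith(b":"):
            findings.append((no, "value is base64-encoded (::), decode it first"))
            continue
        value = rest.lstrip(b" ")  # LDIF drops the spaces after the colon only
        hidden = sorted({b for b in value if b < 0x21 or b > 0x7E})
        if hidden:
            shown = " ".join("0x%02x" % b for b in hidden)
            findings.append((no, "hidden or non-ASCII bytes: " + shown))
            continue
        text = value.decode("ascii")
        if not (DESCR.match(text) or NUMERICOID.match(text)):
            findings.append((no, "not a descr or numericoid: %r" % text))
    return findings


if __name__ == "__main__":
    for label, data in (("as quoted", SAMPLE),
                        ("CRLF line endings", SAMPLE.replace(b"\n", b"\r\n"))):
        print(label, check_oid_values(data))
```

An empty result means the value is well-formed at the file level, so the rejection has to be looked for on the server side rather than in the LDIF.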