
Error adding schema: empty AttributeDescription



Hello,

I'm in the middle of upgrading our existing LDAP servers to new systems running OpenLDAP 2.4.40 on CentOS 6.9. I have over 10 years of experience managing LDAP directories in relatively simple environments, but this is my first time trying to use the dynamic runtime configuration engine.

I'm trying to add all the schemas I need with slapadd before I add a dump of the directory from our old servers with slapadd. I need a Kerberos schema, so I copied the Kerberos schema from /usr/share/doc/krb5-server-ldap-1.10.3/kerberos.ldif to /etc/openldap/schema and modified it so it could be added with slapadd rather than ldapmodify, like all the other files in that directory.

Here's an example of the start of the file after making those changes:

dn: cn=kerberos,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: kerberos
olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
        SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.1
                NAME 'krbCanonicalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
                SINGLE-VALUE)

olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.3.1
                NAME 'krbPrincipalType'
                EQUALITY integerMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
                SINGLE-VALUE)


When I try to add that file with slapadd, I get this error:

# slapadd  -n0 -F /etc/openldap/slapd.d -l kerberos.ldif
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)): empty AttributeDescription
slapadd: could not parse entry (line=1)
_# 6.36% eta none elapsed none spd 18.6 M/s
Closing DB...

Running the same command with debugging set to -1, I get the following:


59138493 => str2entry: "dn: cn=kerberos,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: kerberos
olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
        SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
"
59138493 >>> dnPrettyNormal: <cn=kerberos,cn=schema,cn=config>
59138493 <<< dnPrettyNormal: <cn=kerberos,cn=schema,cn=config>, <cn=kerberos,cn=schema,cn=config>
59138493 <= str2entry NULL (parse_line)
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)): empty AttributeDescription
slapadd: could not parse entry (line=1)
59138493 slapadd shutdown: initiated
59138493 slapadd destroy: freeing system resources.

Any ideas what I'm doing wrong? I made similar changes to an autofs schema file, and I was able to add that just fine. Do I need to number each olcAttributeTypes entry by putting a number in curly braces ({0}, {1}, etc.) at the start of each olcAttributeTypes entry?

--
Prentice
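
A structural pre-check for a schema LDIF like the one above, as an added example that is not part of the original post: it applies only the RFC 2849 rules that a blank line ends a record and that a folded line begins with a single space, and it makes no claim about how slapadd itself handles these cases. The sample text is constructed to mirror the posted layout, and the function names `ldif_records` and `check_ldif` are hypothetical.

```python
# Constructed sample modelled on the layout shown in the post (a blank line
# between olcAttributeTypes values); it is not the poster's actual file.
SAMPLE = """dn: cn=kerberos,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: kerberos
olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.3.1
  NAME 'krbPrincipalType'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE)
"""

def ldif_records(text):
    """Split text into records: lists of (line_no, logical_line), folds joined."""
    recs, cur = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw == "":                        # blank line ends the record
            if cur:
                recs.append(cur)
            cur = []
        elif raw.startswith("#"):            # comment line
            continue
        elif raw.startswith(" ") and cur:    # fold: drop exactly one space
            cur[-1] = (cur[-1][0], cur[-1][1] + raw[1:])
        else:
            cur.append((no, raw))
    if cur:
        recs.append(cur)
    return recs

def check_ldif(text):
    """Return (line_no, message) findings for RFC 2849 structural problems."""
    findings = []
    for rec in ldif_records(text):
        if not rec[0][1].lower().startswith("dn:"):
            findings.append((rec[0][0], "record does not start with dn:"))
        for no, line in rec:
            if line[0] in " \t":             # e.g. a tab where a fold was meant
                findings.append((no, "leading whitespace is not a fold"))
            elif ":" not in line:
                findings.append((no, "no ':' between attribute and value"))
    return findings
```

Calling `check_ldif(SAMPLE)` reports the line where a second record begins without a `dn:`; the same text with the blank lines removed produces no findings.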