Ok, this may seem like old hat to some of you, but I'm feeling like I'm
playing stump the dummy with my computer. I am trying to modify my
directory's schema to add support for Open-XChange. I have a schema file
that I have converted to FDS format from the shipped OpenLDAP format
(thanks to tools on the Fedora Directory Server site), but I can't seem
to add this to the server. I first tried:
Code:
[root@bastet ~]# ldapmodify -h localhost -x -f openxchange.ldif2
modifying entry "cn=schema"
ldap_modify: Insufficient access (50)
additional info: Insufficient 'write' privilege to the 'attributeTypes' attribute of entry 'cn=schema'.
I then tried:
Code:
[root@bastet ~]# ldapadd -x -D "cn=Directory Manager,dc=domain,dc=net" -h localhost -W -f openxchange.ldif2
Enter LDAP Password:
ldap_bind: No such object (32)
matched DN: dc=domain,dc=net
As you can see, I'm getting really stumped. What is the right command
that I'm missing? I'm new to the directory server realm and this has
been my attempt at trying to learn. Thanks for any assistance you can
provide.
Alex
An excerpt of the schema follows:
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
  1.1.2.1.1.1
  NAME ( 'mailEnabled' )
  DESC 'Is the user enabled or not, for pam_ldap,postfix etc. filtering...'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
  SINGLE-VALUE
  )
#
################################################################################
#
attributeTypes: (
  1.1.2.1.1.2
  NAME ( 'alias' )
  DESC 'email alias'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
  )
#
################################################################################
#
attributeTypes: (
  1.1.2.1.1.3
  NAME ( 'imapServer' )
  DESC 'Users Imap Server'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
  SINGLE-VALUE
  )
...
------------------------------------
This email has been ClamScanned!
www.clamav.net
> I then tried:
> Code:
> [root@bastet ~]# ldapadd -x -D "cn=Directory Manager,dc=domain,dc=net" -h localhost -W -f openxchange.ldif2
> Enter LDAP Password:
> ldap_bind: No such object (32)
> matched DN: dc=domain,dc=net

This is close, you just need to use the right DN for the Directory
Manager. Try:
ldapadd -x -D "cn=Directory Manager" ...

Directory Manager is a special DN that doesn't exist inside your suffix.
Richard Megginson
2006-Mar-27 16:02 UTC
Re: [Fedora-directory-users] Question on FDS Usage
George Holbert wrote:
>> I then tried:
>> Code:
>> [root@bastet ~]# ldapadd -x -D "cn=Directory Manager,dc=domain,dc=net" -h localhost -W -f openxchange.ldif2
>> Enter LDAP Password:
>> ldap_bind: No such object (32)
>> matched DN: dc=domain,dc=net
>
> This is close, you just need to use the right DN for the Directory
> Manager. Try:
> ldapadd -x -D "cn=Directory Manager" ...
>
> Directory Manager is a special DN that doesn't exist inside your suffix.

You can also just copy your schema file into the config/schema directory
and restart the server e.g.
cp openxchange.ldif2 slapd-instance/config/schema/60openxchange.ldif
Thank you both for your assistance. I tried the new ldapadd statement
and received the following error:
adding new entry "cn=schema"
ldap_add: Object class violation (65)
additional info: missing required attribute "objectclass"
Not having any more info than this, I tried placing the schema in the
schema directory. Upon restart I received the following error:
[root@bastet slapd-bastet]# ./restart-slapd
[28/Mar/2006:05:07:49 -0500] dse - The entry cn=schema in file /opt/fedora-ds/slapd-bastet/config/schema/60openxchange.ldif is invalid, error code 20 (Type or value exists) - attribute type url: Does not match the OID "1.1.2.1.1.45". Another attribute type is already using the name or OID.
[28/Mar/2006:05:07:50 -0500] dse - Please edit the file to correct the reported problems and then restart the server.
The line that caused this in 60openxchange.ldif is:
attributeTypes: (
  1.1.2.1.1.45
  NAME ( 'url' )
  DESC 'Users business Homepage'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  )
It is conflicting with the following line in 50ns-legacy.ldif:
attributeTypes: ( url-oid NAME 'url' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Legacy' )
For kicks, I commented out the following lines and the server started
up.
#attributeTypes: ( url-oid NAME 'url' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Legacy' )
#objectClasses: ( nsLegacyServer-oid NAME 'nsLegacyServer' DESC 'Netscape defined objectclass' SUP netscapeServer MAY ( nsServerID $ url ) X-ORIGIN 'Netscape Legacy' )
Now, the real question: what are these definitions for and have I done
something I'm going to regret later? Is there a better solution
assuming that I can't modify the schema for OpenXChange?
Thank you,
Alex
Richard Megginson
2006-Mar-28 15:06 UTC
Re: [Fedora-directory-users] Question on FDS Usage
Alex Ackerman wrote:
> For kicks, I commented out the following lines and the server started
> up.
>
> #attributeTypes: ( url-oid NAME 'url' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Legacy' )
> #objectClasses: ( nsLegacyServer-oid NAME 'nsLegacyServer' DESC 'Netscape defined objectclass' SUP netscapeServer MAY ( nsServerID $ url ) X-ORIGIN 'Netscape Legacy' )
>
> Now, the real question: what are these definitions for and have I done
> something I'm going to regret later? Is there a better solution
> assuming that I can't modify the schema for OpenXChange?

No, that's fine. Most of the 50ns-*.ldif schema is old, legacy schema
that can be safely removed or commented out.
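
Added example, not part of the thread and not Fedora Directory Server code: a Python pre-flight check for the name collision reported in the restart log above, run before a file is copied into config/schema. It lists attribute names that a new schema file defines under a different OID than an existing file, and the object classes that reference an attribute and so have to be removed along with it, as nsLegacyServer was in the thread. The function names are hypothetical; the sample definitions are the ones quoted in the thread.

```python
import re
# Sample input: definitions quoted in the thread, embedded so this runs offline.
LEGACY = """dn: cn=schema
attributeTypes: ( url-oid NAME 'url' DESC 'Netscape defined attribute type'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Legacy' )
objectClasses: ( nsLegacyServer-oid NAME 'nsLegacyServer' DESC 'Netscape defined
  objectclass' SUP netscapeServer MAY ( nsServerID $ url ) X-ORIGIN 'Netscape Legacy' )
"""
NEW = """dn: cn=schema
#
attributeTypes: ( 1.1.2.1.1.3 NAME ( 'imapServer' ) DESC 'Users Imap Server'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} SINGLE-VALUE )
attributeTypes: (
  1.1.2.1.1.45
  NAME ( 'url' )
  DESC 'Users business Homepage'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  )
"""

def unfold(ldif):
    """Join LDIF continuation lines (leading space); drop comments and blanks."""
    out, in_comment = [], False
    for raw in ldif.splitlines():
        if not raw.startswith(" "):
            in_comment = raw.startswith("#")
            if raw and not in_comment:
                out.append(raw)
        elif out and not in_comment:
            out[-1] += raw[1:]
    return out

def attribute_types(ldif):
    """Return [(oid, [lower-cased names])] for every attributeTypes value."""
    defs = []
    for line in unfold(ldif):
        m = re.match(r"attributeTypes:\s*\(\s*(\S+)\s+(.*)\)\s*$", line, re.I)
        if m:
            n = re.search(r"\bNAME\s+(?:\(([^)]*)\)|('[^']*'))", m.group(2))
            names = re.findall(r"'([^']*)'", n.group(1) or n.group(2) or "") if n else []
            defs.append((m.group(1), [x.lower() for x in names]))
    return defs

def name_conflicts(existing_ldif, new_ldif):
    """Names the new file defines under a different OID than the existing file."""
    owner = {n: oid for oid, names in attribute_types(existing_ldif) for n in names}
    return [(n, owner[n], oid) for oid, names in attribute_types(new_ldif)
            for n in names if n in owner and owner[n].lower() != oid.lower()]

def dependents(ldif, attr):
    """objectClasses whose MUST/MAY list references attr (must go if attr goes)."""
    found = []
    for line in unfold(ldif):
        if line.lower().startswith("objectclasses:"):
            name = re.search(r"\bNAME\s+\(?\s*'([^']*)'", line)
            for a, b in re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|(\S+))", line):
                if attr.lower() in [x.strip().lower() for x in (a or b).split("$")]:
                    found.append(name.group(1))
    return found

if __name__ == "__main__":
    print(name_conflicts(LEGACY, NEW), dependents(LEGACY, "url"))
```

Before commenting out a legacy definition, it is also worth searching the directory for entries that still use the dependent object class, since those entries would no longer match the schema.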