Fedora directory users - Jul 2005 - EduPerson schema

Does any one know if there is a veriosn of the EduPerson Schema for FDS?

thanks Alastair

I don''t know if this is the latest
http://lab.ac.uab.edu/vnet/documents/ldif/eduperson.schema
But it looks like it''s in openldap schema format, so you should just be
able to use the schema conversion scripts here - 
http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration#Schema

Alastair Neil wrote:
> Does any one know if there is a veriosn of the EduPerson Schema for FDS?
>
> thanks Alastair
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

You can find the eduPerson schema in various formats (includeing 
iPlanet/SunONE, which should work with FDS) at 
http://middleware.internet2.edu/dir/schema/

-NGK

Rich Megginson wrote:
> I don''t know if this is the latest
> http://lab.ac.uab.edu/vnet/documents/ldif/eduperson.schema
> But it looks like it''s in openldap schema format, so you should
just
> be able to use the schema conversion scripts here - 
> http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration#Schema
>
> Alastair Neil wrote:
>
>> Does any one know if there is a veriosn of the EduPerson Schema for
FDS?
>>
>> thanks Alastair
>>
>>------------------------------------------------------------------------
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users@redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>  
>>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

Am I being dense? I tried to use the import database task in the console to 
import the schema files. Is this a Dumb Thing (tm)?

The SunOne eduPerson-200412.mods.ldif gives the following error when I try 
to import it:

cn=schema: Error modifying object ''dn: cn=schema''. The error
sent by the
server was ''No such attribute. attribute type edupersonaffiliation: Is 
unknown. Cannot delete.''. The modifications were: [
Lnetscape.ldap.LDAPModification;@5f0b1d65.

the converted OpenLdap eduperson-200412.ldif gives:

cn=schema: Error adding object ''dn: cn=schema''. The error sent
by the server
was ''Object class violation. missing required attribute
"objectclass"
''. The object is: LDAPEntry: cn=schema; LDAPAttributeSet: LDAPAttribute
{type=''objectclasses'', values=''(
1.3.6.1.4.1.5923.1.1.2 NAME ''eduPerson''
AUXILIARY MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $ 
eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ 
eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $ 
eduPersonScopedAffiliation ) )''} LDAPAttribute
{type=''attributetypes'',
values=''( 1.3.6.1.4.1.5923.1.1.1.1 NAME
''eduPersonAffiliation'' DESC
''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15'' ),(
1.3.6.1.4.1.5923.1.1.1.2 NAME ''eduPersonNickname'' DESC
''eduPerson per
Internet2 and EDUCAUSE'' EQUALITY caseIgnoreMatch SUBSTR 
caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15'' ),(
1.3.6.1.4.1.5923.1.1.1.3 NAME ''eduPersonOrgDN'' DESC
''eduPerson per Internet2
and EDUCAUSE'' EQUALITY distinguishedNameMatch SYNTAX ''
1.3.6.1.4.1.1466.115.121.1.12'' SINGLE-VALUE ),(
1.3.6.1.4.1.5923.1.1.1.4NAME ''eduPersonOrgUnitDN'' DESC
''eduPerson per
Internet2 and EDUCAUSE''
EQUALITY distinguishedNameMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.12'' ),(
1.3.6.1.4.1.5923.1.1.1.5 NAME ''eduPersonPrimaryAffiliation''
DESC ''eduPerson
per Internet2 and EDUCAUSE'' EQUALITY caseIgnoreMatch SUBSTR 
caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15''
SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.6 NAME
''eduPersonPrincipalName'' DESC
''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15''
SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.7 NAME
''eduPersonEntitlement'' DESC
''eduPerson per Internet2 and EDUCAUSE'' EQUALITY caseExactMatch
SYNTAX ''
1.3.6.1.4.1.1466.115.121.1.15'' ),( 1.3.6.1.4.1.5923.1.1.1.8 NAME 
''eduPersonPrimaryOrgUnitDN'' DESC ''eduPerson per
Internet2 and EDUCAUSE''
EQUALITY distinguishedNameMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.12''
SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.9 NAME
''eduPersonScopedAffiliation''
DESC ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15'' SINGLE-VALUE )''}.







On 7/25/05, Nathan Kinder <nkinder@redhat.com>
wrote:
> 
> You can find the eduPerson schema in various formats (includeing
> iPlanet/SunONE, which should work with FDS) at
> http://middleware.internet2.edu/dir/schema/
> 
> -NGK
> 
> Rich Megginson wrote:
> 
> > I don''t know if this is the latest
> > http://lab.ac.uab.edu/vnet/documents/ldif/eduperson.schema
> > But it looks like it''s in openldap schema format, so you
should just
> > be able to use the schema conversion scripts here -
> > http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration#Schema
> >
> > Alastair Neil wrote:
> >
> >> Does any one know if there is a veriosn of the EduPerson Schema
for
> FDS?
> >>
> >> thanks Alastair
> >>
>
>>------------------------------------------------------------------------
> >>
> >>--
> >>Fedora-directory-users mailing list
> >>Fedora-directory-users@redhat.com
> >>https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>
> >>
>
>------------------------------------------------------------------------
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users@redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> 
> 
> 
>

Alastair Neil wrote:
> Am I being dense?  I tried to use the import database task in the 
> console to import the schema files.  Is this a Dumb Thing (tm)?
>
> The SunOne eduPerson-200412.mods.ldif gives the following error when I 
> try to import it:
>
>     cn=schema: Error modifying object ''dn: cn=schema''. 
The error sent
>     by the server was ''No such attribute. attribute type
>     edupersonaffiliation: Is unknown.  Cannot delete.''.  The
>     modifications were: [Lnetscape.ldap.LDAPModification ;@5f0b1d65.
>
You cannot import a schema file that way.  The best way to import this 
schema file would be to
1) rename it to 60eduPerson.ldif
2) copy it to slapd-instance/config/schema
3) restart the DS
>
> the converted OpenLdap eduperson-200412.ldif gives:
>
>     cn=schema: Error adding object ''dn: cn=schema''.  The
error sent by
>     the server was ''Object class violation. missing required
attribute
>     "objectclass"
>     ''.  The object is: LDAPEntry: cn=schema; LDAPAttributeSet:
>     LDAPAttribute {type=''objectclasses'',
values=''(
>     1.3.6.1.4.1.5923.1.1.2 NAME ''eduPerson'' AUXILIARY MAY
(
>     eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $
>     eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $
>     eduPersonPrincipalName $ eduPersonEntitlement $
>     eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) )''}
>     LDAPAttribute {type=''attributetypes'',
values=''(
>     1.3.6.1.4.1.5923.1.1.1.1 NAME ''eduPersonAffiliation''
DESC
>     ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch
>     SUBSTR caseIgnoreSubstringsMatch SYNTAX
>     ''1.3.6.1.4.1.1466.115.121.1.15'' ),(
1.3.6.1.4.1.5923.1.1.1.2 NAME
>     ''eduPersonNickname'' DESC ''eduPerson per
Internet2 and EDUCAUSE''
>     EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
>     ''1.3.6.1.4.1.1466.115.121.1.15'' ),(
1.3.6.1.4.1.5923.1.1.1.3 NAME
>     ''eduPersonOrgDN'' DESC ''eduPerson per
Internet2 and EDUCAUSE''
>     EQUALITY distinguishedNameMatch SYNTAX ''
>     1.3.6.1.4.1.1466.115.121.1.12'' SINGLE-VALUE ),(
>     1.3.6.1.4.1.5923.1.1.1.4 NAME ''eduPersonOrgUnitDN''
DESC ''eduPerson
>     per Internet2 and EDUCAUSE'' EQUALITY distinguishedNameMatch
SYNTAX
>     ''1.3.6.1.4.1.1466.115.121.1.12'' ),(
1.3.6.1.4.1.5923.1.1.1.5 NAME
>     ''eduPersonPrimaryAffiliation'' DESC
''eduPerson per Internet2 and
>     EDUCAUSE'' EQUALITY caseIgnoreMatch SUBSTR
>     caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15''
>     SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.6 NAME
>     ''eduPersonPrincipalName'' DESC ''eduPerson per
Internet2 and
>     EDUCAUSE'' EQUALITY caseIgnoreMatch SUBSTR
>     caseIgnoreSubstringsMatch SYNTAX ''
1.3.6.1.4.1.1466.115.121.1.15''
>     SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.7 NAME
>     ''eduPersonEntitlement'' DESC ''eduPerson per
Internet2 and EDUCAUSE''
>     EQUALITY caseExactMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15'' ),(
>     1.3.6.1.4.1.5923.1.1.1.8 NAME
''eduPersonPrimaryOrgUnitDN'' DESC
>     ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
>     distinguishedNameMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.12''
>     SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.9 NAME
>     ''eduPersonScopedAffiliation'' DESC ''eduPerson
per Internet2 and
>     EDUCAUSE'' EQUALITY caseIgnoreMatch SYNTAX ''
>     1.3.6.1.4.1.1466.115.121.1.15'' SINGLE-VALUE )''}.
>
>
>
>
>
>
>
> On 7/25/05, Nathan Kinder <nkinder@redhat.com 
> <mailto:nkinder@redhat.com>> wrote:
>
>     You can find the eduPerson schema in various formats (includeing
>     iPlanet/SunONE, which should work with FDS) at
>     http://middleware.internet2.edu/dir/schema/
>
>     -NGK
>
>     Rich Megginson wrote:
>
>     > I don''t know if this is the latest
>     > http://lab.ac.uab.edu/vnet/documents/ldif/eduperson.schema
>     > But it looks like it''s in openldap schema format, so you
should just
>     > be able to use the schema conversion scripts here -
>     >
>     http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration#Schema
>     >
>     > Alastair Neil wrote:
>     >
>     >> Does any one know if there is a veriosn of the EduPerson
Schema
>     for FDS?
>     >>
>     >> thanks Alastair
>     >>
>    
>>------------------------------------------------------------------------
>     >>
>     >>--
>     >>Fedora-directory-users mailing list
>     >> Fedora-directory-users@redhat.com
>     <mailto:Fedora-directory-users@redhat.com>
>     >>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >>
>     >>
>    
>------------------------------------------------------------------------
>
>     >
>     >--
>     >Fedora-directory-users mailing list
>     >Fedora-directory-users@redhat.com
>     <mailto:Fedora-directory-users@redhat.com>
>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>     >
>     >
>
>
>
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

Thanks, I see I was being dense. :)

On 7/25/05, Rich Megginson <rmeggins@redhat.com>
wrote:
> 
> Alastair Neil wrote: 
> 
> Am I being dense? I tried to use the import database task in the console 
> to import the schema files. Is this a Dumb Thing (tm)?
> 
> The SunOne eduPerson-200412.mods.ldif gives the following error when I try 
> to import it: 
> 
> cn=schema: Error modifying object ''dn: cn=schema''. The
error sent by the
> server was ''No such attribute. attribute type
edupersonaffiliation: Is
> unknown. Cannot delete.''. The modifications were: [
> Lnetscape.ldap.LDAPModification ;@5f0b1d65.
> 
>  You cannot import a schema file that way. The best way to import this 
> schema file would be to 
> 1) rename it to 60eduPerson.ldif
> 2) copy it to slapd-instance/config/schema
> 3) restart the DS
> 
> 
>  the converted OpenLdap eduperson-200412.ldif gives:
> 
> cn=schema: Error adding object ''dn: cn=schema''. The error
sent by the
> server was ''Object class violation. missing required attribute
"objectclass"
> 
> ''. The object is: LDAPEntry: cn=schema; LDAPAttributeSet:
LDAPAttribute
> {type=''objectclasses'', values=''(
1.3.6.1.4.1.5923.1.1.2 NAME ''eduPerson''
> AUXILIARY MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $
> eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $
> eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $ 
> eduPersonScopedAffiliation ) )''} LDAPAttribute
{type=''attributetypes'',
> values=''( 1.3.6.1.4.1.5923.1.1.1.1 NAME
''eduPersonAffiliation'' DESC
> ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch SUBSTR
> caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15'' ),(
> 1.3.6.1.4.1.5923.1.1.1.2 NAME ''eduPersonNickname'' DESC
''eduPerson per
> Internet2 and EDUCAUSE'' EQUALITY caseIgnoreMatch SUBSTR 
> caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15'' ),(
> 1.3.6.1.4.1.5923.1.1.1.3 NAME ''eduPersonOrgDN'' DESC
''eduPerson per
> Internet2 and EDUCAUSE'' EQUALITY distinguishedNameMatch SYNTAX
''
> 1.3.6.1.4.1.1466.115.121.1.12'' SINGLE-VALUE ),(
1.3.6.1.4.1.5923.1.1.1.4NAME ''eduPersonOrgUnitDN'' DESC
''eduPerson per Internet2 and EDUCAUSE''
> EQUALITY distinguishedNameMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.12'' ),(
> 1.3.6.1.4.1.5923.1.1.1.5 NAME
''eduPersonPrimaryAffiliation'' DESC
> ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch SUBSTR
> caseIgnoreSubstringsMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.15''
> SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.6 NAME
''eduPersonPrincipalName''
> DESC ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseIgnoreMatch SUBSTR
> caseIgnoreSubstringsMatch SYNTAX ''
1.3.6.1.4.1.1466.115.121.1.15''
> SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.7 NAME
''eduPersonEntitlement'' DESC
> ''eduPerson per Internet2 and EDUCAUSE'' EQUALITY
caseExactMatch SYNTAX ''
> 1.3.6.1.4.1.1466.115.121.1.15'' ),( 1.3.6.1.4.1.5923.1.1.1.8 NAME 
> ''eduPersonPrimaryOrgUnitDN'' DESC ''eduPerson per
Internet2 and EDUCAUSE''
> EQUALITY distinguishedNameMatch SYNTAX
''1.3.6.1.4.1.1466.115.121.1.12''
> SINGLE-VALUE ),( 1.3.6.1.4.1.5923.1.1.1.9 NAME 
> ''eduPersonScopedAffiliation'' DESC ''eduPerson per
Internet2 and EDUCAUSE''
> EQUALITY caseIgnoreMatch SYNTAX ''
1.3.6.1.4.1.1466.115.121.1.15''
> SINGLE-VALUE )''}.
> 
> 
> 
> 
> 
> 
> 
> On 7/25/05, Nathan Kinder <nkinder@redhat.com > wrote: 
> > 
> > You can find the eduPerson schema in various formats (includeing
> > iPlanet/SunONE, which should work with FDS) at 
> > http://middleware.internet2.edu/dir/schema/
> > 
> > -NGK
> > 
> > Rich Megginson wrote:
> > 
> > > I don''t know if this is the latest
> > > http://lab.ac.uab.edu/vnet/documents/ldif/eduperson.schema
> > > But it looks like it''s in openldap schema format, so you
should just
> > > be able to use the schema conversion scripts here -
> > >
http://directory.fedora.redhat.com/wiki/Howto:OpenLDAPMigration#Schema
> > >
> > > Alastair Neil wrote:
> > >
> > >> Does any one know if there is a veriosn of the EduPerson
Schema for
> > FDS?
> > >>
> > >> thanks Alastair 
> > >>
> > 
> >
>>------------------------------------------------------------------------
> > >>
> > >>--
> > >>Fedora-directory-users mailing list
> > >> Fedora-directory-users@redhat.com
> > >>https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >>
> > >>
> >
>------------------------------------------------------------------------
> > 
> > >
> > >--
> > >Fedora-directory-users mailing list
> > >Fedora-directory-users@redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > >
> > 
> > 
> > 
> >  
> ------------------------------
> 
> --
> Fedora-directory-users mailing
listFedora-directory-users@redhat.comhttps://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
>  
>

On 7/25/05, Alastair Neil <ajneil@gmail.com>
wrote:
> Thanks, I see I was being dense. :)
> 
The eduPerson schema file you were trying to use tries to delete the
objectclass and attributetypes associated with eduPerson before
re-creating them (I suppose it does this in case you are "upgrading"
from a previous version).  The problem is that FDS doesn''t like
deleting schema objects  that aren''t there to begin with.  SunOne 5.1
didn''t have a problem doing that, the same schema file applied cleanly
just using an ldapmodify command.

I assume it''s a setting somewhere that''s been switched at some
point.

-- 
Ben Steeves                     _                    bcs@metacon.ca
 The ASCII ribbon campaign     ( )            ben.steeves@gmail.com
   against HTML e-mail          X                GPG ID: 0xB3EBF1D9
http://www.metacon.ca/bcs      / \     Yahoo Messenger: ben_steeves

You should be able to use ldapmodify''s continuous operation mode (-c 
option).  This will report errors, but continue performing the 
operations listed in your file.  The default behavior is to exit on an 
error condition.

-NGK

Ben Steeves wrote:
>On 7/25/05, Alastair Neil <ajneil@gmail.com> wrote:
>  
>
>>Thanks, I see I was being dense. :)
>>
>>    
>>
>
>The eduPerson schema file you were trying to use tries to delete the
>objectclass and attributetypes associated with eduPerson before
>re-creating them (I suppose it does this in case you are
"upgrading"
>from a previous version).  The problem is that FDS doesn''t like
>deleting schema objects  that aren''t there to begin with.  SunOne
5.1
>didn''t have a problem doing that, the same schema file applied
cleanly
>just using an ldapmodify command.
>
>I assume it''s a setting somewhere that''s been switched at
some point.
>
>  
>