I am getting an issue while adding user into an OpenLDAP server.
dn: uid=ldapuser1,ou=People,dc=infra,dc=com
uid: ldapuser1
cn: ldapuser1
sn: ldapuser1
mail: ldapuser1#ABC.com
mailRoutingAddress: ldapuser1#ABC.com
mailHost: mail.ABC.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
userPassword: {crypt}$6$JNpQAF00$y9tYggGaYWlKfPqhx.
shadowLastChange: 16947
shadowMax: 99999
shadowWarning: 7
krbName: ldapuser1#ABC.COM
loginShell: /bin/bash
uidNumber: 534
gidNumber: 537
homeDirectory: /home/ldapuserdir/ldapuser1
While executing below command it's giving error
ldapadd -x -W -D "cn=Manager,dc=infra,dc=com" -f /etc/openldap/users.ldif
Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=People,dc=infra,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #6 invalid per syntax
Schema Included:
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
How this can be solved? Let me know if more details required.
Numbering the attributes from zero, #6 is kerberosSecurityObject, which isn't present in any of those schemas.
Related
I've been strugling/googling for hours about this, just trying a very simple thing add entries to my ldap using ldapadd (OpenLDAP on Ubuntu).
my structure.ldif looks like this :
dn: ou=Personnes,dc=odi,dc=com
objectClass: organizationalUnit
ou: Personnes
description: Employes de l entreprise
dn: ou=Machines,dc=odi,dc=com
objectClass: organizationalUnit
ou: Machines
description: Ordinateurs de l entreprise
dn: cn=Marie Dupond,ou=Personnes,dc=odi,dc=com
objectClass: inetOrgPerson
givenName: Marie
sn: Dupond
cn: Marie Dupond
uid: mdupond
userPassword: mdupond
and my ldap config :
version: 1
#
# LDAPv3
# base <dc=odi,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# odi.com
dn: dc=odi,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: odi
dc: odi
# admin, odi.com
dn: cn=admin,dc=odi,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
and I can understand why when I add it through ldapadd -x -W -D “cn=admin,dc=odi,dc=com” -H ldapi:/// -f structure.ldif Iget an ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
Any help would be really appreciated,
I had the exact same problem! Highlighted from your comment above:
was using “ instead of "
Not the same characters! How frustrating!
I have done LDAP setup on ubuntu, using apt install slapd ldap-utils
after doing all setup/configuration, added one test user also and here I get:
$ ldapsearch -x -b "dc=param,dc=co,dc=in"
# extended LDIF
#
# LDAPv3
# base <dc=param,dc=co,dc=in> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# param.co.in
dn: dc=param,dc=co,dc=in
objectClass: top
objectClass: dcObject
objectClass: organization
o: param
dc: param
# admin, param.co.in
dn: cn=admin,dc=param,dc=co,dc=in
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# testuser, param.co.in
dn: uid=testuser,dc=param,dc=co,dc=in
cn: test
sn: test
mail: testuser#param.co.in
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: testuser
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
Now I wanted to add OU with following ou.ldif file:
cn: ou=people,dc=param,dc=co,dc=in
objectClass: top
objectClass: organizationalUnit
ou: people
cn: ou=groups,dc=param,dc=co,dc=in
objectClass: top
objectClass: organizationalUnit
ou: groups
But it is giving no results i.e. no success neither error after adding this file using command:
$ ldapadd -x -W -D "cn=admin,dc=param,dc=co,dc=in" -f ou.ldif
Enter LDAP Password:
$
What wrong thing exactly am i doing here?
change 'cn' to 'dn' for distinguished name. 'cn' is common name which would just be 'people' or 'groups' (except OUs don't need a CN). so it would be:
dn: ou=people,dc=param,dc=co,dc=in
objectClass: top
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=param,dc=co,dc=in
objectClass: top
objectClass: organizationalUnit
ou: groups
Apacheds apacheds-2.0.0.AM26.exe. Importing ldif file with Apache Directory Studio 2.0.0.v20210213-M16
When "objectClass: top" is included in my ldif file I get an invalidAttributeSyntax error. Full error below.
I have deduced that it is the top attribute because all the other attributes show up normally in the log. The top one shows up as objectClass:: dG9wIA==.
If I remove top it works. If I put top back and import again with the update option it works.
Error:
#!RESULT ERROR
#!CONNECTION ldap://myhost:10389
#!DATE 2021-05-27T11:13:27.212
#!ERROR [LDAP result code 21 - invalidAttributeSyntax] INVALID_ATTRIBUTE_SYNTAX: failed for MessageType : ADD_REQUEST Message ID : 17 Add Request : Entry dn: uid=jsmith,ou=Users, dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetorgperson uid: jsmith givenName: Jerry sn: Smith cn: Jerry Smith userPassword: 0x52 0x61 0x74 0x31 0x6F 0x6E 0x61 0x6C : ERR_13246_INVALID_VALUE_PER_SYNTAX Invalid upValue per syntax dn: uid=jsmith,ou=Users, dc=example,dc=com changetype: add uid: jsmith givenName: Jerry sn: Smith cn: Jerry Smith objectClass:: dG9wIA== objectClass: person objectClass: organizationalPerson objectClass: inetorgperson userPassword:: UmF0MW9uYWw=
Ldif data:
User:
dn: uid=jsmith,ou=Users,dc=example,dc=com
givenName: Jerry
sn: Smith
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
uid: jsmith
cn: Jerry Smith
userPassword: MyPasswordInClearText
Ldif to create the Group and Users objects which I have tested both as part of the larger ldif file and as two separate imports. This part first then the users second.
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalunit
objectClass: top
ou: Groups
dn: ou=Users,dc=example,dc=com
objectClass: organizationalunit
objectClass: top
ou: Users
I'm running OpenLDAP 2.4.42, and this is my configuration file:
include C:/OpenLDAP/schema/core.schema
include C:/OpenLDAP/schema/cosine.schema
include C:/OpenLDAP/schema/inetorgperson.schema
pidfile C:/data/slapd/pidfile.pid
database config
database monitor
access to dn.subtree="cn=Monitor" by dn.exact="uid=Admin,dc=my,dc=org" write
access to * by * write
database bdb
include C:/data/pwm/openldap.schema
directory C:/data/slapd/db/bdb
suffix dc=example,dc=it
rootdn cn=root,dc=example,dc=it
rootpw secret
access to * by * manage
index default pres,eq
index cn eq,sub
index sn pres,eq,sub
index objectClass eq
With this slapcat (cut) output:
dn: cn=paul,dc=example,dc=it
objectClass: organizationalRole
cn: paul
dn: l=somewhere,dc=example,dc=it
objectClass: top
objectClass: locality
l: somewhere
dn: cn=john,l=somewhere,dc=example,dc=it
objectClass: organizationalRole
cn: john
structuralObjectClass: organizationalRole
dn: ou=users,dc=example,dc=it
objectClass: organizationalUnit
ou: users
structuralObjectClass: organizationalUnit
dn: cn=charles,ou=users,dc=example,dc=it
objectClass: person
objectClass: pwmUser
cn: charles
sn: charles
userPassword:: bWFyY28y
structuralObjectClass: person
Why does this return results (actually the "charles" entry):
ldapsearch -W -D cn=root,dc=example,dc=it -b "ou=users,dc=example,dc=it"
while this gives "no such object"?
ldapsearch -W -D cn=root,dc=example,dc=it -b "dc=example,dc=it"
I would think that the latter is the most general version of a search, where I'm asking for everything under that suffix.
I want to use LDAP to automount the user's home and the nfs. I followed this tutorial to configure ldap and automount. (automount information: fstype=nfs,hard,intr,nodev,nosuid,rw 192.168.0.1:/home/serveur/dupont)
dn: cn=dupont, ou=nfs, ou=services, dc=projet, dc=sys
objectClass: top
objectClass: automount
cn: dupont
I have a syntax error when trying to add this file.
$ ldapadd -x -f au.ldif -W -D cn=admin,dc=projet,dc=sys
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
I can't seem to find the source of this error.
$ ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=projet,dc=sys> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# projet.sys
dn: dc=projet,dc=sys
objectClass: top
objectClass: dcObject
objectClass: organization
o: nsalab
dc: projet
# admin, projet.sys
dn: cn=admin,dc=projet,dc=sys
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# people, projet.sys
dn: ou=people,dc=projet,dc=sys
objectClass: top
objectClass: organizationalUnit
ou: people
description: Branche gens
# etudiants, people, projet.sys
dn: ou=etudiants,ou=people,dc=projet,dc=sys
objectClass: top
objectClass: organizationalUnit
ou: etudiants
description: Branche etudiants
# personnel, people, projet.sys
dn: ou=personnel,ou=people,dc=projet,dc=sys
objectClass: top
objectClass: organizationalUnit
ou: personnel
description: Branche personnel
# services, projet.sys
dn: ou=services,dc=projet,dc=sys
objectClass: top
objectClass: organizationalUnit
ou: services
description: Branche services
# groupes, services, projet.sys
dn: ou=groupes,ou=services,dc=projet,dc=sys
objectClass: top
objectClass: organizationalUnit
ou: groupes
description: Branche groupes
# nfs, services, projet.sys
dn: ou=nfs,ou=services,dc=projet,dc=sys
objectClass: top
objectClass: organizationalUnit
ou: nfs
description: Branche nfs
# mongroupe, groupes, services, projet.sys
dn: cn=mongroupe,ou=groupes,ou=services,dc=projet,dc=sys
objectClass: top
objectClass: posixGroup
cn: mongroupe
gidNumber: 1111
description: groupe de test mongroupe
# dupont, etudiants, people, projet.sys
dn: uid=dupont,ou=etudiants,ou=people,dc=projet,dc=sys
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: dupont
cn: Dupont Jean
sn: Dupont
givenName: Jean
uidNumber: 1100
gidNumber: 1111
homeDirectory: /home/aware/dupont
loginShell: /bin/bash
mail: dupont#projet.sys
l: France
ou: mongroupe
# search result
search: 2
result: 0 Success
# numResponses: 11
# numEntries: 10
I had to activate the right schema.
The autofs-ldap.schema file needs to be converted to LDIF format. You
can do this with the slapcat utility as described in the
OpenLDAPServer guide, or you can just visit
launchpadlibrarian.net/55451730/autofs.ldif and grab this one
that's already been converted (rename it autofs-ldap.ldif and put it
in /etc/ldap/schema for consistency's sake).
And use ldapadd to import it into the database.
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/autofs-ldap.ldif
You have to activate the right schema:
The autofs-ldap.schema file needs to be converted to LDIF format. You can do this with the slapcat utility as described in the OpenLDAPServer guide, or you can just visit launchpadlibrarian.net/55451730/autofs.ldif and grab this one that's already been converted (rename it autofs-ldap.ldif and put it in /etc/ldap/schema for consistency's sake).
And use ldapadd to import it into the database.
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/autofs-ldap.ldif