LDAP Error – Why Does This ldapadd Command Quit with an ‘Invalid Syntax’ Error?

Tags: linux, openldap, Ubuntu

I'm very new to openldap but extremely well versed in the linux/unix environment. I'm trying to set up my very first test openldap environment using the guide here. I've also read most of the admin guide here and I have to admit, it is a lot to take in.

So following the ubuntu basic setup guide I created an ldif file that looks like this:

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=engineers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: engineers
gidNumber: 5000

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: johnldap
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john

Whenever I try to add it using:

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif

I get the following error:

adding new entry "cn=engineers,ou=Groups,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
    additional info: objectClass: value #0 invalid per syntax

adding new entry "uid=john,ou=People,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
    additional info: objectClass: value #0 invalid per syntax

The results in Google for this error don't net any helpful suggestions. What could I be doing wrong here?

Best Answer

Your problem is undoubtedly that you need to load the nis schema into your LDAP server. How to do this depends on whether you are using the legacy slapd.conf configuration file or the newer dynamic configuration hosted in cn=config and backed by a slapd.d directory.

Using slapd.conf

You will need to include the schema definition in your slapd.conf by adding a line along the lines of:

include /usr/local/etc/openldap/schema/nis.schema

This assumes that the nis.schema file is located at that path; if not, modify the path appropriately.

You will need to restart slapd to activate the new schema.

Using slapd.d

(I'm including this for completeness, although it's not directly relevant to your current configuration).

To load a schema into slapd if you're using the dynamic cn=config configuration, you would use ldapadd. Depending on how your ACLs are configured, the command might look like this:

ldapadd -Y EXTERNAL -H ldapi:// -f /usr/local/etc/openldap/schema/nis.ldif

This assumes that your running slapd has an ACL permitting "peer credentials" authentication to root. If that doesn't work, you would need to provide an appropriate bind DN and password using -D and -W.

There is no restart required in this case.
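As an added illustration of what the answer describes (this is example code, not part of the question or the answer, and not an OpenLDAP tool): slapd reports "objectClass: value #0 invalid per syntax" when an entry names an objectClass that none of the loaded schema files define. The script below parses the question's LDIF, parses OpenLDAP `*.schema` definitions for their `NAME` values, and reports which objectClasses are undefined and which schema file would have to be included. The schema texts are constructed, abbreviated excerpts of core.schema, inetorgperson.schema and nis.schema (only the `objectclass ( ... NAME '...'` part matters here), and the LDIF parser assumes simple LDIF with no continuation lines or base64 (`::`) values.

```python
"""Offline check: which objectClasses an LDIF references versus which ones the
included schema files define.  Added example; not from the original page."""
import re

# Constructed, abbreviated excerpts of the real OpenLDAP schema files, keyed by
# the file name you would `include` in slapd.conf.  Only NAME matters here.
SCHEMA_FILES = {
    "core.schema": """
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
    DESC 'RFC2256: an organizational unit'
    SUP top STRUCTURAL
    MUST ou )
""",
    "inetorgperson.schema": """
objectclass ( 2.16.840.1.113730.3.2.2
    NAME 'inetOrgPerson'
    SUP organizationalPerson
    STRUCTURAL )
""",
    "nis.schema": """
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
    SUP top AUXILIARY
    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) )

objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
    SUP top AUXILIARY
    MUST uid )

objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
    SUP top STRUCTURAL
    MUST ( cn $ gidNumber ) )
""",
}

# The LDIF from the question, trimmed to the attributes relevant to the check.
LDIF = """\
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: cn=engineers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: engineers
gidNumber: 5000

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
cn: John Doe
uidNumber: 10000
gidNumber: 5000
homeDirectory: /home/john
"""

# Matches "objectclass ( <oid> NAME 'name'" and "NAME ( 'name' 'alias' )" forms.
OBJECTCLASS_RE = re.compile(r"objectclass\s*\(.*?NAME\s+\(?\s*'([^']+)'",
                            re.IGNORECASE | re.DOTALL)


def objectclasses_defined(schema_text):
    """Return the set of objectClass names defined in OpenLDAP schema text."""
    return {m.group(1) for m in OBJECTCLASS_RE.finditer(schema_text)}


def objectclasses_in_ldif(ldif_text):
    """Return {dn: [objectClass values]} for each entry in simple LDIF.
    Assumes no line continuations and no base64 ('::') values."""
    entries, dn = {}, None
    for line in ldif_text.splitlines():
        if not line.strip():          # blank line terminates the entry
            dn = None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
            entries[dn] = []
        elif attr == "objectclass" and dn is not None:
            entries[dn].append(value)
    return entries


def find_missing(ldif_text, included_schema_files):
    """Per entry, list objectClasses that none of the included schemas define.
    These are the values slapd rejects as 'invalid per syntax'.  objectClass
    names are compared case-insensitively, as LDAP does."""
    defined = set()
    for name in included_schema_files:
        defined |= {c.lower() for c in objectclasses_defined(SCHEMA_FILES[name])}
    missing = {}
    for dn, classes in objectclasses_in_ldif(ldif_text).items():
        bad = [c for c in classes if c.lower() not in defined]
        if bad:
            missing[dn] = bad
    return missing


def which_schema_defines(objectclass):
    """Name the schema file(s) in SCHEMA_FILES that define the objectClass."""
    return sorted(f for f, text in SCHEMA_FILES.items()
                  if objectclass.lower() in
                  {c.lower() for c in objectclasses_defined(text)})


if __name__ == "__main__":
    # Without nis.schema: exactly the two entries slapd rejected in the question.
    for dn, bad in find_missing(LDIF, ["core.schema", "inetorgperson.schema"]).items():
        needed = sorted({f for c in bad for f in which_schema_defines(c)})
        print(f"{dn}: undefined objectClass {bad} -> include {needed}")
    # With nis.schema included, every objectClass resolves.
    print(find_missing(LDIF, ["core.schema", "inetorgperson.schema", "nis.schema"]))
```

Running it prints the two DNs from the question's error output with `posixGroup`, `posixAccount` and `shadowAccount` flagged as undefined and `nis.schema` as the file to include, then an empty result once nis.schema is in the list. On a live server the equivalent check is an `ldapsearch` of `cn=schema,cn=config` for the objectClass names, which needs the same kind of bind the answer describes.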