I'm very new to OpenLDAP but extremely well versed in the Linux/Unix environment. I'm trying to set up my very first test OpenLDAP environment using the guide here. I've also read most of the admin guide here and I have to admit, it is a lot to take in.
So following the Ubuntu basic setup guide I created an LDIF file that looks like this:

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=engineers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: engineers
gidNumber: 5000

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: johnldap
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john

Whenever I tried to add it using:
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif
I get the following error:
adding new entry "cn=engineers,ou=Groups,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
adding new entry "uid=john,ou=People,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
The results in Google for this error don't net any helpful suggestions. What could I be doing wrong here?
Best Answer
Your problem is undoubtedly that you need to load the nis schema into your LDAP server. How to do this depends on whether you are using the legacy slapd.conf configuration file or the newer dynamic configuration hosted in cn=config and backed by a slapd.d directory.

Using slapd.conf

You will need to include the schema definition in your slapd.conf by adding a line along the lines of:

This assumes that the nis.schema file is located at that path; if not, modify the path appropriately.

You will need to restart slapd to activate the new schema.

Using slapd.d

(I'm including this for completeness, although it's not directly relevant to your current configuration).

To load a schema into slapd if you're using the dynamic cn=config configuration, you would use ldapadd. Depending on how your ACLs are configured, the command might look like this:

This assumes that your running slapd has an ACL permitting "peer credentials" authentication to root. If that doesn't work, you would need to provide an appropriate bind DN and password using -D and -W.

There is no restart required in this case.
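
An added example, not part of the answer above: a pre-flight check that predicts which entries of the question's LDIF slapd will reject with "Invalid syntax (21)", and at which objectClass value index, for a given set of loaded schemas. The `DEFINED_IN` table and the function names are assumptions of this sketch; the table covers only the object classes used in the question, and it also reports inetOrgPerson, which is defined in the inetorgperson schema rather than in nis.

```python
# objectClass (lowercased) -> stock OpenLDAP schema that defines it.
# nis and inetorgperson both require core and cosine to be loaded first.
DEFINED_IN = {
    "organizationalunit": "core", "inetorgperson": "inetorgperson",
    "posixaccount": "nis", "posixgroup": "nis", "shadowaccount": "nis",
}

# dn/objectClass lines of the LDIF from the question.
SAMPLE_LDIF = """\
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit

dn: cn=engineers,ou=Groups,dc=example,dc=com
objectClass: posixGroup

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
"""

def parse_entries(ldif):
    """Yield (dn, [objectClass values]) per blank-line-separated entry."""
    for block in ldif.strip().split("\n\n"):
        pairs = [line.partition(":")[::2] for line in block.splitlines()]
        dn = next((v.strip() for a, v in pairs if a.lower() == "dn"), None)
        if dn:
            yield dn, [v.strip() for a, v in pairs if a.lower() == "objectclass"]

def rejected(ldif, loaded):
    """Map dn -> (index, objectClass, schema) for its first undefined value."""
    out = {}
    for dn, classes in parse_entries(ldif):
        for i, oc in enumerate(classes):
            schema = DEFINED_IN.get(oc.lower(), "unknown")
            if schema not in loaded:
                out[dn] = (i, oc, schema)  # index matches "value #N" in the error
                break
    return out

def missing_schemas(ldif, loaded):
    """Schemas defining objectClasses the server does not know yet."""
    needed = {DEFINED_IN.get(oc.lower(), "unknown")
              for _, classes in parse_entries(ldif) for oc in classes}
    return sorted(needed - set(loaded))
```

With only `core` loaded, the two organizationalUnit entries pass and the other two fail at value #0, which is the pattern shown in the question's error output.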