openldap root schema

Kihara Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Jan 17 08:47:32 UTC 2007


Thanks Tim
On 17 Jan 2007 01:07:32 -0500, Tim Writer <tim-s/rLXaiAEBtBDgjK7y7TUQ at public.gmane.org> wrote:

> > ## Build the people ou.
> > dn: ou=people,dc=afsat,dc=com
> > ou: people
> > objectClass: organizationalUnit
>
> Hmmm. There's no "objectClass: top" which is unusual.

I re-did it again and inserted objectClass top as you had suggested.
Unfortunately, the problem persisted. Judging from a Google search, I have
noticed it's a common thing to do, but it left me scratching my head. Why put
"top" on more than one root schema? Shouldn't we have just one root?

> > This was inserted successfully by slapadd tool. I then restarted openldap
> > and attempted populating it with users extracted from /etc/passwd file and
> > that is when I hit my first problem. The migration tool produced an ldif
> > file of the following format.
> > dn: uid=wmuriithi,ou=people,dc=afsat,dc=com
> > uid: wmuriithi
> > cn: William Muriithi
> > objectClass: account
> > objectClass: posixAccount
> > objectClass: top
> > objectClass: shadowAccount
>
> Hmmm. I'm not sure why you would have object classes account and
> posixAccount. Also, it's usual to have object class inetOrgPerson for
> e-mail etc. support.

The data was automatically generated by an ldap migration tool, so I never
gave it a lot of thought. I just assumed they were correct.

> > Attempting to feed this data to ldap led to this error
> > adding new entry "cn=William Muriithi,dc=afsat,dc=com"
> > ldap_add: Object class violation (65)
> >         additional info: attribute 'uid' not allowed
>
> You appear to have a schema problem.


That's my feeling also. I googled a lot on how other people out there do it,
but it appears very different and doesn't work for me. I am suspecting this is
because people out there install from source, while I am working with
Fedora binary rpms. And, while I was at it, I noticed an error in the above
insertion, but the solution didn't help. See below:
adding new entry "uid=wmuriithi,ou=people,dc=afsat,dc=com"
ldap_add: Object class violation (65)
        additional info: attribute 'uid' not allowed

> > Would this field exist on the output below?
>
> No, because you haven't shown a user, i.e. an entry within the people ou.
> If you showed a user, it should have a uid.


I am not sure if I understood you well, but I did a query from what I
assumed you were conveying above, and I still couldn't see the uid field.
See the search below:
 # ldapsearch -x -b "ou=people,dc=afsat,dc=com"
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=afsat,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# people, afsat.com
dn: ou=people,dc=afsat,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

# wmuriithi, people, afsat.com
dn: cn=wmuriithi,ou=people,dc=afsat,dc=com
cn: wmuriithi
sn: Muriithi
userPassword:: bWFrYXU=
objectClass: person

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2



Thank you a lot for your help
William
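
The check behind `Object class violation (65)` / `attribute 'uid' not allowed`, as an added example that is not part of the original message: slapd rejects an entry when an attribute appears in neither the MUST nor the MAY list of any of the entry's object classes. The schema table is a hand-typed subset of the standard person, account, posixAccount and shadowAccount definitions, and the second sample entry is constructed.

```python
# Added example. SCHEMA is a hand-typed subset (MUST + MAY attributes, lower-cased)
# of the standard person, account, posixAccount and shadowAccount object classes.
SCHEMA = {
    "top": {"objectclass"},
    "person": {"sn", "cn", "userpassword", "telephonenumber", "seealso", "description"},
    "account": {"uid", "description", "seealso", "l", "o", "ou", "host"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory",
                     "userpassword", "loginshell", "gecos", "description"},
    "shadowaccount": {"uid", "userpassword", "description", "shadowlastchange", "shadowmin",
                      "shadowmax", "shadowwarning", "shadowinactive", "shadowexpire", "shadowflag"},
}

def parse_entry(ldif):
    """Return {attr: [values]} for one LDIF entry, attribute names lower-cased."""
    attrs = {}
    for line in ldif.strip().splitlines():
        if not line or line[0] in "# ":  # skip comments; folded lines are not handled
            continue
        name, _, value = line.partition(":")
        # 'attr:: value' (base64) keeps its encoded text; only the marker is dropped
        attrs.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
    return attrs

def disallowed(ldif, schema=SCHEMA):
    """Attributes that none of the entry's object classes permit."""
    attrs = parse_entry(ldif)
    allowed = {"dn", "objectclass"}
    for oc in attrs.get("objectclass", []):
        allowed |= schema.get(oc.lower(), set())  # an unknown class adds nothing
    return sorted(a for a in attrs if a not in allowed)

# The entry lines shown in the message, as produced by the migration tool.
MIGRATED = """\
dn: uid=wmuriithi,ou=people,dc=afsat,dc=com
uid: wmuriithi
cn: William Muriithi
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
"""
# Constructed: a 'person'-only entry, like the one in the search output, with a uid added.
PERSON_WITH_UID = """\
dn: cn=wmuriithi,ou=people,dc=afsat,dc=com
cn: wmuriithi
sn: Muriithi
uid: wmuriithi
objectClass: person
"""
print(disallowed(MIGRATED), disallowed(PERSON_WITH_UID))
```
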