Hi
When attempting to migrate an existing OpenLDAP server to FreeIPA (version 4.5.0 on Centos 7), I am getting the following error - unknown object class "ededuperson"
If I look at the LDAP I can see
edEduPerson OID: 1.2.826.0.1109.2.0.0 Description: Additional attributes for AuthLDAP Type: auxiliary Inherits from: eduPerson
I have added the eduperson ldif to my FreeIPA server, cp /usr/share/dirsrv/schema/60eduperson.ldif /etc/dirsrv/slapd-XXXXXschema/
but I am unsure how to add the object class ededuperson.
New to this - any help greatly appreciated
Duncan
Hi Duncan,
check out this thread https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...
cheers,
--- Ernedin ZAJKO ezajko@root.ba
340282366920938463463374607431768211456
On Wed, Apr 18, 2018 at 12:22 PM, Duncan Colhoun via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi
When attempting to migrate an existing OpenLDAP server to FreeIPA (version 4.5.0 on Centos 7), I am getting the following error - unknown object class "ededuperson"
If I look at the LDAP I can see
edEduPerson OID: 1.2.826.0.1109.2.0.0 Description: Additional attributes for AuthLDAP Type: auxiliary Inherits from: eduPerson
I have added the eduperson ldif to my FreeIPA server, cp /usr/share/dirsrv/schema/60eduperson.ldif /etc/dirsrv/slapd-XXXXXschema/
but I am unsure how to add the object class ededuperson.
New to this - any help greatly appreciated
Duncan _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Based on information above and a few other sources, I am attempting to add the ededuperson schema to FreeIPA
I have placed the file 60ededuperson.ldif in the schema dir /etc/dirsrv/slapd-XXXXX/schema
This is the file
dn: cn=schema # edEduPerson.schema # # This is a local OpenLDAP schema # Based on the Internet2 eduPerson schema # # 1.2.826.0.1109.2.0.0 is the toplevel OID for this schema # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.2 NAME 'eduniIDStatus' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.3 NAME 'eduniCategory' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.4 NAME 'eduniServiceCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.5 NAME 'eduniCollegeCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.6 NAME 'eduniType' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.7 NAME 'eduniOrgCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.8 NAME 'eduniOrganisation' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.9 NAME 'eduniSchoolCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.10 NAME 'eduniUnitCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.11 NAME 'eduniIdmsID' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.3.6.1.4.1.250.1.32 NAME 'krbName' DESC 'Kerberos Name' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.12 NAME 'eduniLibraryBarcode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.13 NAME 'eduniExtendedServiceCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.14 NAME 'eduniPrimaryAffiliationId' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ attributetypes ( 1.2.826.0.1109.2.0.0.15 NAME 'eduniRefNo' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.16 NAME 'eduniTitle' DESC 'edEduPerson per AuthLDAP project based on personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.17 NAME 'eduniCardNumber' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.18 NAME 'eduniYearOfStudy' DESC 'edEduPerson per AuthLDAP project' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) # ################################################################################ # objectclasses ( 1.2.826.0.1109.2.0.0 NAME 'edEduPerson' DESC 'Additional attributes for AuthLDAP' SUP eduPerson AUXILIARY MAY ( eduniIDStatus $ eduniCategory $ eduniServiceCode $ eduniCollegeCode $ eduniType $ eduniOrgCode $ eduniOrganisation $ eduniSchoolCode $ eduniUnitCode $ eduniIdmsID $ krbName $ eduniLibraryBarcode $ eduniExtendedServiceCode $ eduniPrimaryAffiliationId $ eduniRefNo $ eduniTitle $ eduniCardNumber $ eduniYearOfStudy ) )
When I restart the server I get the following errors
- [19/Apr/2018:14:07:54.091084077 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"... - [19/Apr/2018:14:07:54.091982687 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"... - [19/Apr/2018:14:07:54.092986647 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"... - [19/Apr/2018:14:07:54.094086999 +0100] - ERR - str2entry_dupcheck - Entry has no dn [19/Apr/2018:14:07:54.095593412 +0100] - ERR - dse_read_one_file - Parsing entry (lineno: 72) in file /etc/dirsrv/slapd-BIO-ED-AC-UK/schema/60ededuperson.ldif failed. [19/Apr/2018:14:07:54.098502342 +0100] - ERR - dse_read_one_file - Invalid section [################################################################################ # attributeType ( 1.2.826.0.1109.2.0.0.9 NAME 'eduniSchoolCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNT ...] [19/Apr/2018:14:07:54.102748222 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. [19/Apr/2018:14:13:47.143748784 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"...
Any suggestions on where I am going wrong?
Thanks
Hi Duncan,
ds389 server doesn't use same schema format as openldap.
You can find some schema "migration" scripts at ds389 home page [1], and try running them over your existing schema file(s) //they work for some simple cases
Another thing - I wouldn't suggest that way of "extending" IPA schema - please check out lovely plugin example from Alexander Bokovoy [2]
cheers,
[1] http://directory.fedoraproject.org/docs/389ds/scripts.html [2] https://github.com/abbra/freeipa-userstatus-plugin
--- Ernedin ZAJKO ezajko@root.ba
340282366920938463463374607431768211456
On Thu, Apr 19, 2018 at 3:26 PM, Duncan Colhoun via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Based on information above and a few other sources, I am attempting to add the ededuperson schema to FreeIPA
I have placed the file 60ededuperson.ldif in the schema dir /etc/dirsrv/slapd-XXXXX/schema
This is the file
dn: cn=schema # edEduPerson.schema # # This is a local OpenLDAP schema # Based on the Internet2 eduPerson schema # # 1.2.826.0.1109.2.0.0 is the toplevel OID for this schema # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.2 NAME 'eduniIDStatus' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.3 NAME 'eduniCategory' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.4 NAME 'eduniServiceCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.5 NAME 'eduniCollegeCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.6 NAME 'eduniType' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.7 NAME 'eduniOrgCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.8 NAME 'eduniOrganisation' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.9 NAME 'eduniSchoolCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.10 NAME 'eduniUnitCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.11 NAME 'eduniIdmsID' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.3.6.1.4.1.250.1.32 NAME 'krbName' DESC 'Kerberos Name' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.12 NAME 'eduniLibraryBarcode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.13 NAME 'eduniExtendedServiceCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.14 NAME 'eduniPrimaryAffiliationId' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ attributetypes ( 1.2.826.0.1109.2.0.0.15 NAME 'eduniRefNo' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.16 NAME 'eduniTitle' DESC 'edEduPerson per AuthLDAP project based on personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.17 NAME 'eduniCardNumber' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # ################################################################################ # attributetypes ( 1.2.826.0.1109.2.0.0.18 NAME 'eduniYearOfStudy' DESC 'edEduPerson per AuthLDAP project' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) # ################################################################################ # objectclasses ( 1.2.826.0.1109.2.0.0 NAME 'edEduPerson' DESC 'Additional attributes for AuthLDAP' SUP eduPerson AUXILIARY MAY ( eduniIDStatus $ eduniCategory $ eduniServiceCode $ eduniCollegeCode $ eduniType $ eduniOrgCode $ eduniOrganisation $ eduniSchoolCode $ eduniUnitCode $ eduniIdmsID $ krbName $ eduniLibraryBarcode $ eduniExtendedServiceCode $ eduniPrimaryAffiliationId $ eduniRefNo $ eduniTitle $ eduniCardNumber $ eduniYearOfStudy ) )
When I restart the server I get the following errors
- [19/Apr/2018:14:07:54.091084077 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"...
- [19/Apr/2018:14:07:54.091982687 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"...
- [19/Apr/2018:14:07:54.092986647 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"...
- [19/Apr/2018:14:07:54.094086999 +0100] - ERR - str2entry_dupcheck - Entry has no dn
[19/Apr/2018:14:07:54.095593412 +0100] - ERR - dse_read_one_file - Parsing entry (lineno: 72) in file /etc/dirsrv/slapd-BIO-ED-AC-UK/schema/60ededuperson.ldif failed. [19/Apr/2018:14:07:54.098502342 +0100] - ERR - dse_read_one_file - Invalid section [################################################################################ # attributeType ( 1.2.826.0.1109.2.0.0.9 NAME 'eduniSchoolCode' DESC 'edEduPerson per AuthLDAP project' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreSubstringsMatch SYNT ...] [19/Apr/2018:14:07:54.102748222 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. [19/Apr/2018:14:13:47.143748784 +0100] - WARN - str2entry_dupcheckEntry (%s), ignoring invalid line "%s"...
Any suggestions on where I am going wrong?
Thanks _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Duncan Colhoun -
Ernedin Zajko