Gotcha. Removing the blank line after 'cn: djuser' fixes it. Thanks.

On Fri, Mar 3, 2023 at 10:59 AM luckydog xf <[email protected]> wrote:

> Sorry, I didn't catch you. Can you explain more? Thanks.
>
> On Thu, Mar 2, 2023 at 6:17 PM Howard Chu <[email protected]> wrote:
>
>> luckydog xf wrote:
>> > Hi, list,
>> >
>> > I'm trying to migrate opendj to openLDAP. Here is a customized schema.
>> > ===
>> > dn: cn=schema
>> > objectclass: top
>> > objectclass: ldapSubentry
>> > objectclass: subschema
>> > cn: schema
>> > attributeTypes: ( 1.12.23.34.45.56.780 NAME 'active' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-SCHEMA-FILE '99-user.ldif' )
>> > attributeTypes: ( 1.12.23.34.45.56.782 NAME 'accountName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-SCHEMA-FILE '99-user.ldif' )
>> > attributeTypes: ( 1.12.23.34.45.56.784 NAME 'djGroups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-SCHEMA-FILE '99-user.ldif' )
>> > attributeTypes: ( 1.12.23.34.45.56.786 NAME 'departmentId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-SCHEMA-FILE '99-user.ldif' )
>> > attributeTypes: ( 1.12.23.34.45.56.788 NAME 'department' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-SCHEMA-FILE '99-user.ldif' )
>> > attributeTypes: ( 1.12.23.34.45.56.790 NAME 'companyCode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-SCHEMA-FILE '99-user.ldif' )
>> > attributeTypes: ( 1.12.23.34.45.56.792 NAME 'parent' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-SCHEMA-FILE '99-user.ldif' )
>> > ds-sync-generation-id: 8408
>> > ds-sync-state: 01050186432c61a90000f9ca10880
>> > ds-sync-state: 0105017a002b3170002f4a1b16311
>> > modifiersName: cn=Administrator
>> > modifyTimestamp: 20190711063414Z
>> > objectClasses: ( 1.12.23.34.45.56.880 NAME 'idmExt' DESC 'idm user extended attributes' SUP top AUXILIARY MUST active MAY ( accountName $ djGroups $
>> > departmentId $ department $ companyCode ) X-SCHEMA-FILE
>> > '99-user.ldif' )
>> > objectClasses: ( 1.12.23.34.45.56.890 NAME 'idmDept' DESC 'idm department extended attributes' SUP top AUXILIARY MAY parent X-SCHEMA-FILE '99-user.ldif' )
>> > ===
>> >
>> > I changed it to an LDAP compliant one.
>>
>> LDIF files must not have blank lines within a single entry. You added an
>> entry with "cn" and no other attributes.
>> > ---
>> > dn: cn=djuser,cn=schema,cn=config
>> > objectClass: olcSchemaConfig
>> > cn: djuser
>> >
>> > olcAttributeTypes: ( 1.12.23.34.45.56.780 NAME 'active' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
>> > olcAttributeTypes: ( 1.12.23.34.45.56.782 NAME 'accountName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>> > olcAttributeTypes: ( 1.12.23.34.45.56.784 NAME 'djGroups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>> > olcAttributeTypes: ( 1.12.23.34.45.56.786 NAME 'departmentId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>> > olcAttributeTypes: ( 1.12.23.34.45.56.788 NAME 'department' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>> > olcAttributeTypes: ( 1.12.23.34.45.56.790 NAME 'companyCode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>> > olcAttributeTypes: ( 1.12.23.34.45.56.792 NAME 'parent' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>> >
>> > olcObjectClasses: ( 1.12.23.34.45.56.880 NAME 'idmExt' DESC 'idm user extended attributes' SUP top AUXILIARY MUST active MAY ( accountName $ djGroups $
>> > departmentId $ department $ companyCode ) )
>> > olcObjectClasses: ( 1.12.23.34.45.56.890 NAME 'idmDept' DESC 'idm department extended attributes' SUP top AUXILIARY MAY parent )
>> >
>> > -----
>> > It can be imported by `ldapadd -Y EXTERNAL -H ldapi:/// -f 99-user.ldif`
>> > However, there is nothing in
>> > ===
>> > [root@hq-repo cn=config]# more cn\=schema/cn\=\{10\}djuser.ldif
>> > # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
>> > # CRC32 310b21fa
>> > dn: cn={10}djuser
>> > objectClass: olcSchemaConfig
>> > cn: {10}djuser
>> > structuralObjectClass: olcSchemaConfig
>> > entryUUID: 6b852150-4b97-103d-86fe-7b79b4eef873
>> > creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> > createTimestamp: 20230228093837Z
>> > entryCSN: 20230228093837.038174Z#000000#000#000000
>> > modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> > modifyTimestamp: 20230228093837Z
>> >
>> > ===
>> > I'm using openldap 2.4.
>> > Anything wrong with my schema?
>> >
>> > Thanks.
>>
>>
>> --
>> -- Howard Chu
>> CTO, Symas Corp. http://www.symas.com
>> Director, Highland Sun http://highlandsun.com/hyc/
>> Chief Architect, OpenLDAP http://www.openldap.org/project/
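
Added example, not part of the thread: a small Python check for the mistake Howard Chu points out above, where a blank line inside an entry ends it and leaves the following attribute lines as a record with no `dn:`. The sample LDIF is constructed (shortened from the schema quoted above), and the function names are this example's own.

```python
# SAMPLE_LDIF is constructed (shortened from the schema quoted in the thread).
SAMPLE_LDIF = """\
dn: cn=djuser,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: djuser

olcAttributeTypes: ( 1.12.23.34.45.56.780 NAME 'active' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.7 )

olcObjectClasses: ( 1.12.23.34.45.56.890 NAME 'idmDept' SUP top
  AUXILIARY MAY parent )
"""


def split_records(text):
    """Yield (first_line_no, unfolded_lines) for each blank-line-separated record."""
    record, start, in_comment = [], None, False
    for number, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or (in_comment and raw.startswith(" ")):
            in_comment = True             # comment, or a folded comment line
            continue
        in_comment = False
        if raw == "":                     # an empty line ends the current record
            if record:
                yield start, record
            record, start = [], None
        elif raw.startswith(" ") and record:
            record[-1] += raw[1:]         # folded line: drop one space and join
        else:
            start = start or number       # remember where this record began
            record.append(raw)
    if record:
        yield start, record


def find_orphans(text):
    """Return (line_no, first_line) for records that do not begin with dn:."""
    orphans = []
    for start, lines in split_records(text):
        if lines[0].lower().startswith("version:"):
            lines = lines[1:]             # optional header before the first entry
        if lines and not lines[0].lower().startswith("dn:"):
            orphans.append((start, lines[0]))
    return orphans


if __name__ == "__main__":
    for line_no, first in find_orphans(SAMPLE_LDIF):
        print(f"line {line_no}: record has no dn: {first[:40]}...")
```

Running it on a file before `ldapadd` reports the line where each detached block starts; with the blank lines removed the sample parses as a single entry.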
