grouper-dev - ldappc help
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: Grouper Dev <>
- Subject: ldappc help
- Date: Wed, 13 Feb 2008 13:05:19 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
|
Hey, Didn’t someone post step by step instructions on how
to use ldappc with openldap at some point? Cant seem to locate. Anyways, Im going by the javadoc documentation, and I freshly
installed openldap 2.3.39 on linux RHEL AS4. This is the HEAD
ldappd checkout. Im starting by loading test data and running the test
cases. Thanks! Chris The error is: [mchyzer@flash ldap]$ ldapadd -x -D
"cn=Manager,dc=example,dc=edu" -w "XXXXXXXX" -f
ldappcSubject.ldif adding new entry "dc=example,dc=edu" adding new entry "ou=kitn,dc=example,dc=edu" adding new entry "ou=uob,dc=example,dc=edu" adding new entry
"ou=testgrouper,dc=example,dc=edu" adding new entry "cn=manager,dc=example,dc=edu" adding new entry
"kitnedupersonregid=SD00080,ou=kitn,dc=example,dc=edu" ldapadd: Invalid syntax (21)
additional info: objectclass: value #2 invalid per syntax My slapd.conf is: [root@flash openldap]# cat slapd.conf include
/usr/local/etc/openldap/schema/core.schema include
/usr/local/etc/openldap/schema/ldappc.schema include
/usr/local/etc/openldap/schema/kitneduperson.schema pidfile
/usr/local/var/run/slapd.pid argsfile
/usr/local/var/run/slapd.args database bdb #suffix
"dc=groups-dev,dc=upenn,dc=edu" suffix
"dc=example,dc=edu" #rootdn
"cn=Manager,dc=groups-dev,dc=upenn,dc=edu" rootdn
"cn=Manager,dc=example,dc=edu" rootpw
XXXXXXXXXX directory
/usr/local/var/openldap-data index objectClass eq [root@flash openldap]# Here is my ldappc schema file (do other files need to be
there, or can I just copy this to the openldap schema dir?): [root@flash openldap]# cat
/usr/local/etc/openldap/schema/ldappc.schema # Internet X.500 Schema for Auth2ldap # Includes the eduPermissions ObjectClass schema # # # *** Start eduPermission ### # attributetype ( 1.3.6.1.4.1.5923.1.1.123456789.1.1 NAME
'eduPermissionId' DESC 'The
permissionId of the permission' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.5923.1.1.123456789.1.2 NAME
'eduPermissionSubsystemId' DESC 'The
identifier of the subsystem within which this permission is defined' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.5923.1.1.123456789.1.3 NAME
'eduPermissionScopeId' DESC 'The
identifier of the scope within which this permission is defined' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.5923.1.1.123456789.1.4 NAME
'eduPermissionScopeName' DESC 'The name of
the scope within which this permission is defined' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.5923.1.1.123456789.1.5 NAME
'eduPermissionLimitId' DESC 'A limitId
associated with the permission' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.5923.1.1.123456789.1.6 NAME
'eduPermissionLimit' DESC 'A limit
associated with the permission' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) objectclass ( 1.3.6.1.4.1.5923.1.1.123456789 NAME
'eduPermission' SUP top STRUCTURAL MUST (
eduPermissionSubsystemId $ eduPermissionId $ eduPermissionLimitId ) MAY (
eduPermissionScopeId $ eduPermissionScopeName $ eduPermissionLimit ) ) # # *** Start eduMember ### # # # An auxiliary object class, "eduMember," is a
convenient container # for an extensible set of attributes concerning group
memberships. # At this time, the only attributes specified as belonging
to the # object class are "isMemberOf" and
"hasMember." # attributetype ( 1.3.6.1.4.1.5923.1.5.1.1 NAME 'isMemberOf' DESC 'identifiers
for groups to which containing entity belongs' EQUALITY
caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.5923.1.5.1.2 NAME 'hasMember' DESC 'identifiers
for entities that are members of the group' EQUALITY
caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) objectclass ( 1.3.6.1.4.1.5923.1.5.2.1 NAME 'eduMember' AUXILIARY MAY ( isMemberOf
$ hasMember ) ) # # *** Start eduPerson ### # # eduPersonAffiliation # Specifies a person's relationship(s) to the institution in # broad categories such as student, faculty, staff, alum,
etc. attributetype ( 1.3.6.1.4.1.5923.1.1.1.1 NAME
'eduPersonAffiliation' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' ) # eduPersonNickname # Specifies a person's nickname, or the informal name by
which # they are accustomed to be hailed. attributetype ( 1.3.6.1.4.1.5923.1.1.1.2 NAME
'eduPersonNickname' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' ) # eduPersonOrgDN # The distinguished name (DN) of the directory entry # representing the institution with which the person # is associated. attributetype ( 1.3.6.1.4.1.5923.1.1.1.3 NAME
'eduPersonOrgDN' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
distinguishedNameMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) # eduPersonOrgUnitDN # The distinguished name (DN) of the directory entries
representing # the person's Organizational Unit(s). attributetype ( 1.3.6.1.4.1.5923.1.1.1.4 NAME
'eduPersonOrgUnitDN' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
distinguishedNameMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.12' ) # eduPersonPrimaryAffiliation # Specifies a person's PRIMARY relationship to the
institution # in broad categories such as student, faculty, staff, alum,
etc. attributetype ( 1.3.6.1.4.1.5923.1.1.1.5 NAME
'eduPersonPrimaryAffiliation' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) # eduPersonPrincipalName # The "NetID" of the person for the purposes of
inter-institutional # authentication. Should be stored in the form of
, # where univ.edu is the name of the local security domain. attributetype ( 1.3.6.1.4.1.5923.1.1.1.6 NAME
'eduPersonPrincipalName' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) # eduPersonEntitlement attributetype ( 1.3.6.1.4.1.5923.1.1.1.7 NAME
'eduPersonEntitlement' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
caseExactMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' ) # eduPersonPrimaryOrgUnitDN attributetype ( 1.3.6.1.4.1.5923.1.1.1.8 NAME
'eduPersonPrimaryOrgUnitDN' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
distinguishedNameMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) # eduPersonScopedAffiliation attributetype ( 1.3.6.1.4.1.5923.1.1.1.9 NAME
'eduPersonScopedAffiliation' DESC 'eduPerson
per Internet2 and EDUCAUSE' EQUALITY
caseIgnoreMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) # eduPerson # The eduPerson objectclass is used to represent people who
are # associated with a university/school in some way. It
is derived # from the inetOrgPerson objectclass. objectclass ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY (
eduPersonAffiliation $ eduPersonNickname $
eduPersonOrgDN $ eduPersonOrgUnitDN $
eduPersonPrimaryAffiliation $ eduPersonPrincipalName $
eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $
eduPersonScopedAffiliation
) ) [root@flash openldap]# [root@flash schema]# more kitneduperson.schema # tjb 4 mar 2006 attributetype ( 1.3.6.4.1.9902.99999.1.1.1 NAME
'kitnEduPersonRegId' DESC 'registry id
of the person' EQUALITY
caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ) objectclass (
1.3.6.4.1.9902.99999.1.1 NAME 'kitnEduPerson' DESC 'KITN Edu Person objectclass' SUP top AUXILIARY MAY kitnEduPersonRegId ) [root@flash schema]# |
- ldappc help, Chris Hyzer, 02/13/2008
- Re: [grouper-dev] ldappc help, Tom Barton, 02/13/2008
- RE: [grouper-dev] ldappc help, Chris Hyzer, 02/13/2008
- Re: [grouper-dev] ldappc help, Tom Barton, 02/13/2008
Archive powered by MHonArc 2.6.16.