Hi, I am trying to run ldapmodify using an LDIF file, but it results in an
ldap_modify: Invalid syntax (21) error.

#  ldapmodify -D "cn=Directory Manager" -W -f PWMacis.ldif
Enter LDAP Password: 
modifying entry "cn=users,cn=accounts,dc=infodetics,dc=net"
ldap_modify: Invalid syntax (21)
        additional info: targetattr "pwmGUID" does not exist in schema. Please 
add attributeTypes "pwmGUID" to schema if necessary. ACL Syntax 
Error(-5):(targetattr = \22pwmGUID || pwmLastPwdUpdate || userPassword || 
objectClass || pwmEventLog || krbPrincipalKey\22) (target = 
\22ldap:///cn=users,cn=accounts,dc=infodetics,dc=net\22) (version 3.0; acl 
\22PWM Proxy Reset Password\22; allow (write)(userdn = 
\22ldap:///uid=pwmproxy,cn=users,cn=accounts,dc=infodetics,dc=net\22);)


PWMacis.ldif
==========
dn: cn=users,cn=accounts,dc=infodetics,dc=net
changetype: modify
replace: aci
aci: (targetattr = "*") (target = "ldap:///cn=users,cn=accounts,dc=infodetics,dc=net") (version 3.0; acl "PWM Proxy Search"; allow (read,search)(userdn = "ldap:///uid=pwmproxy,cn=users,cn=accounts,dc=infodetics,dc=net");)
aci: (targetattr = "*") (target = "ldap:///cn=users,cn=accounts,dc=infodetics,dc=net") (version 3.0; acl "PWM Proxy Add Users"; allow (add)(userdn = "ldap:///uid=pwmproxy,cn=users,cn=accounts,dc=infodetics,dc=net");)
aci: (targetattr = "pwmGUID || pwmLastPwdUpdate || userPassword || objectClass || pwmEventLog || krbPrincipalKey") (target = "ldap:///cn=users,cn=accounts,dc=infodetics,dc=net") (version 3.0; acl "PWM Proxy Reset Password"; allow (write)(userdn = "ldap:///uid=pwmproxy,cn=users,cn=accounts,dc=infodetics,dc=net");)
aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber || pwmResponseSet || pwmOtpSecret")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)

From the error message it looks like the targetattr "pwmGUID" does not exist in 
schema.

However, I have manually copied the schema definition for the said target
attributes into the /etc/dirsrv/slapd-INFODETICS-NET/schema folder and restarted
the LDAP service.

The ldif file for schema definition:
=========================

dn: cn=schema
objectclass: top
objectclass: ldapSubentry
objectclass: subschema
cn: schema
aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=infodetics,dc=net";)
aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,cn=users,cn=accounts,dc=infodetics,dc=net";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///fqdn=idm.infodetics.net,cn=computers,cn=accounts,dc=infodetics,dc=net";)
attributetypes: ( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' )
attributetypes: ( 1.3.6.1.4.1.35015.1.2.2 NAME 'pwmResponseSet'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' )
attributetypes: ( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'user defined' )
attributetypes: ( 1.3.6.1.4.1.35015.1.2.4 NAME 'pwmGUID'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
attributetypes: ( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' )
objectclasses: ( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' DESC '' SUP top AUXILIARY MAY ( pwmEventLog $ pwmGUID $ pwmLastPwdUpdate $ pwmResponseSet $ pwmOtpSecret ) X-ORIGIN 'user defined' )

What could be the issue?
Regards 
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
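
An offline pre-flight check for the error in this post, added here as an example (it is not part of the original message and is not 389 Directory Server code): it lists every attribute named in an ACI `targetattr` clause that a given schema LDIF does not define. The function names, the `STANDARD` list and the shortened sample LDIF are assumptions; the server itself validates against the schema it actually loaded, which this file-level check cannot see.

```python
import re

def unfold(ldif):
    """Join LDIF continuation lines (newline + one space continues the previous line)."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def values(ldif, attr):
    """Values of every 'attr:' line (attribute name matched case-insensitively)."""
    pairs = (line.partition(":") for line in unfold(ldif))
    return [v.strip() for k, sep, v in pairs if sep and k.strip().lower() == attr]

def schema_names(schema_ldif):
    """Lower-cased NAMEs of all attributetypes (single name or parenthesised list)."""
    names = set()
    for value in values(schema_ldif, "attributetypes"):
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", value)
        if m:
            found = re.findall(r"[A-Za-z][\w-]*", m.group(1) or m.group(2))
            names.update(n.lower() for n in found)
    return names

def undefined_targetattrs(aci_ldif, schema_ldif, standard=()):
    """(acl name, attribute) pairs whose targetattr entry is not in the schema."""
    known = schema_names(schema_ldif) | {s.lower() for s in standard}
    missing = []
    for aci in values(aci_ldif, "aci"):
        acl = re.search(r'acl\s+"([^"]*)"', aci)
        for m in re.finditer(r'targetattr\s*!?=\s*"([^"]*)"', aci):
            for attr in (a.strip() for a in m.group(1).split("||")):
                if attr and attr != "*" and attr.lower() not in known:
                    missing.append((acl.group(1) if acl else "?", attr))
    return missing

# Constructed sample input, shortened from the ACI and schema in the post.
ACI = '''dn: cn=users,cn=accounts,dc=example,dc=test
changetype: modify
replace: aci
aci: (targetattr = "pwmGUID || pwmLastPwdUpdate || userPassword")
 (version 3.0; acl "PWM Proxy Reset Password"; allow (write)
 (userdn = "ldap:///uid=pwmproxy,cn=users,cn=accounts,dc=example,dc=test");)
'''
SCHEMA = '''dn: cn=schema
attributetypes: ( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'user defined' )
'''
STANDARD = ("userPassword", "objectClass")  # assumed defined by the stock schema
```

Calling `undefined_targetattrs(ACI, SCHEMA, STANDARD)` on the sample reports `pwmGUID` under the "PWM Proxy Reset Password" ACI, because the sample schema defines only `pwmLastPwdUpdate`.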
