Brian Gaber wrote:
|>Attempting to convert OpenLDAP v2.0.27-11 to OpenLDAP v2.2.26
|>I am running the 2.2.26 slapadd on the file created by the 2.0.27 slapcat
|>
|>Here is what I get:
|>
|>
|
| Did you add the fw1person schema to slapd.conf ?
|
| Yes, I did, it's not too long (95 lines) so I have included it below.
| It is called fw1ng.schema, it comes from CheckPoint corporation for
| their firewall to determine access by their firewall.

Well, either they haven't been maintaining it, or you have an old copy ...

| If anyone is
| interested here is their document that I used for my setup
| http://www.opsec.com/solutions/partners/downloads/OpenLDAP_VPN-1.pdf
|

It's outdated:

"Abstract
Check Point? VPN-1® NG has the ability to access LDAP directory servers
for managing users, groups and templates. OpenLDAP is a free, stable and
widely used LDAP Server on UNIX platforms. This guide describes how to
configure OpenLDAP on Red Hat Linux 8.0 for the integration with VPN-1NG
SmartDirectory."

| objectclass ( 1.3.114.7.3.2.0.1 NAME 'fw1template'
|     SUP 'top'
|     MUST ( cn )
|     MAY (
|         member $ description $ fw1auth-method $ fw1auth-server $ fw1pwdlastmod $
|         fw1skey-number $ fw1skey-seed $ fw1skey-passwd $ fw1skey-mdm $
|         fw1expiration-date $ fw1hour-range-from $ fw1hour-range-to $ fw1day $
|         fw1allowed-src $ fw1allowed-dst $ fw1allowed-vlan $ fw1SR-keym $
|         fw1SR-datam $ fw1SR-mdm $ fw1enc-fwz-expiration $ fw1sr-auth-track $
|         fw1grouptemplate $ fw1ISAKMP-EncMethod $ fw1ISAKMP-AuthMethods $
|         fw1ISAKMP-HashMethods $ fw1ISAKMP-Transform $ fw1ISAKMP-DataIntegrityMethod $
|         fw1ISAKMP-SharedSecret $ fw1ISAKMP-DataEncMethod $ fw1enc-methods $
|         fw1userPwdPolicy $ memberOf )
|     )
| objectclass ( 1.3.114.7.3.2.0.2
|     NAME 'fw1person'
|     SUP 'top'
|     MUST ( cn $ sn )
|     MAY (
|         description $ userpassword $ mail $ uid $ fw1auth-method $ fw1auth-server $
|         fw1pwdlastmod $ fw1skey-number $ fw1skey-seed $ fw1skey-passwd $ fw1skey-mdm $
|         fw1expiration-date $ fw1hour-range-from $ fw1hour-range-to $ fw1day $
|         fw1allowed-src $ fw1allowed-dst $ fw1allowed-vlan $ fw1SR-keym $ fw1SR-datam $
|         fw1SR-mdm $ fw1enc-fwz-expiration $ fw1sr-auth-track $ fw1grouptemplate $
|         fw1ISAKMP-EncMethod $ fw1ISAKMP-AuthMethods $ fw1ISAKMP-HashMethods $
|         fw1ISAKMP-Transform $ fw1ISAKMP-DataIntegrityMethod $ fw1ISAKMP-SharedSecret $
|         fw1ISAKMP-DataEncMethod $ fw1enc-methods $ fw1userPwdPolicy $ fw1badPwdCount $
|         fw1lastLoginFailure $ memberoftemplate $ memberOf )
|     )

Well, from my understanding of rfc2252, the objectclass definition
should specify one of "ABSTRACT", "STRUCTURAL", or "AUXILIARY", using
AUXILIARY will solve your problem ... eg (watch out for line breaks
though ...):

objectclass ( 1.3.114.7.3.2.0.2
    NAME 'fw1person'
    SUP 'top' AUXILIARY
    MUST ( cn $ sn )
    MAY (
        description $ userpassword $ mail $ uid $ fw1auth-method $ fw1auth-server $
        fw1pwdlastmod $ fw1skey-number $ fw1skey-seed $ fw1skey-passwd $ fw1skey-mdm $
        fw1expiration-date $ fw1hour-range-from $ fw1hour-range-to $ fw1day $
        fw1allowed-src $ fw1allowed-dst $ fw1allowed-vlan $ fw1SR-keym $ fw1SR-datam $
        fw1SR-mdm $ fw1enc-fwz-expiration $ fw1sr-auth-track $ fw1grouptemplate $
        fw1ISAKMP-EncMethod $ fw1ISAKMP-AuthMethods $ fw1ISAKMP-HashMethods $
        fw1ISAKMP-Transform $ fw1ISAKMP-DataIntegrityMethod $ fw1ISAKMP-SharedSecret $
        fw1ISAKMP-DataEncMethod $ fw1enc-methods $ fw1userPwdPolicy $ fw1badPwdCount $
        fw1lastLoginFailure $ memberoftemplate $ memberOf )
    )

Of course, you should *really* consult the vendor who supplied you with
the schema.

Regards,
Buchan

-- 
Buchan Milne
Senior Support Technician
Obsidian Systems
http://www.obsidian.co.za
B.Eng
RHCE (803004789010797),LPIC-1 (LPI000074592)
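
A pre-migration check for the condition described in the reply above, added here as an example (not code from the thread or from OpenLDAP): it reads slapd.conf-style schema text and reports every objectclass that carries no explicit ABSTRACT, STRUCTURAL or AUXILIARY keyword. The function names and the abbreviated sample schema are constructed for illustration.

```python
import re

KINDS = ("ABSTRACT", "STRUCTURAL", "AUXILIARY")

# Constructed sample, abbreviated from the definitions quoted in the thread
# (attribute lists shortened). fw1template has no kind keyword.
SAMPLE_SCHEMA = """\
objectclass ( 1.3.114.7.3.2.0.1 NAME 'fw1template'
    SUP 'top'
    MUST ( cn )
    MAY ( member $ description $ fw1auth-method ) )

objectclass ( 1.3.114.7.3.2.0.2
    NAME 'fw1person'
    SUP 'top' AUXILIARY
    MUST ( cn $ sn )
    MAY ( description $ userpassword $ mail $ uid ) )
"""

def split_definitions(text):
    """Yield each objectclass definition as one logical line.
    slapd.conf continues a line when the next line starts with whitespace."""
    logical = re.sub(r"\n[ \t]+", " ", text)
    for line in logical.splitlines():
        if line.lower().startswith("objectclass"):
            yield line

def top_level_kind(defn):
    """Return the kind keyword found at the top level of a definition, or None.
    Quoted names and nested ( ... ) lists are removed first so that an
    attribute or class name can never be mistaken for the keyword."""
    body = defn[defn.index("(") + 1 : defn.rindex(")")]
    body = re.sub(r"'[^']*'", " ", body)
    body = re.sub(r"\([^()]*\)", " ", body)
    return next((t.upper() for t in body.split() if t.upper() in KINDS), None)

def audit(text):
    """Return (name, oid, kind) per objectclass; kind is None when implicit.
    RFC 2252 treats an omitted kind as STRUCTURAL."""
    results = []
    for defn in split_definitions(text):
        oid = re.search(r"\(\s*([\w.\-]+)", defn).group(1)
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", defn)
        results.append((name.group(1) if name else oid, oid, top_level_kind(defn)))
    return results

def missing_kind(text):
    """Names of objectclasses that rely on the implicit default kind."""
    return [name for name, _oid, kind in audit(text) if kind is None]

if __name__ == "__main__":
    for name, oid, kind in audit(SAMPLE_SCHEMA):
        print(f"{name:12} {oid:20} {kind or 'no explicit kind'}")
```

Running it over a vendor schema before slapadd shows which definitions to raise with the vendor, as the reply recommends.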
