On Tuesday 10 June 2008 00:34:02 Ed Greenberg wrote:
> Howard Chu wrote:
> > Aaron Richton wrote:
> >>> I added the following to my schema directory:
> >>> dn: cn=schema
> >>> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
> >>> 'User(s) who
> >>> may run sudo' EQUALITY caseExactIA5Match SUBSTR
> >>> caseExactIA5SubstringsMatch
> >>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

This is an LDIF-format schema file, typically for use with FDS/Sun JES/Netscape etc. Why don't you use the sudo.schema provided for OpenLDAP instead?

(or, you can grab it here: http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap/current/SOURCES/sudo.schema?revision=85700&view=markup )

> >>
> >> [...etc...]
> >>
> >>> and referenced it in slapd.conf as:
> >>> include /etc/openldap/schema/sudoers.schema
> >>
> >> This looks like you're mixing a classic config file and a back-config
> >> configuration. My guess is you need to include sudoers.schema using
> >> back-config.
> >
> > It's not the correct syntax for either cn=config or slapd.conf.
> > Remember that in 2.3 and earlier, invalid keywords in slapd.conf are
> > silently ignored...
>
> Many good answers, for which I'm thankful...
>
> The problem turns out to be a syntax error, not in the attributes but in
> the object class:
>
> Resolved by changing
>
> objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 ...
>
>
> to
>
> objectClass ( 1.3.6.1.4.1.15953.9.2.1 ...

But, it works because it is ignoring the ldif parts, and you've broken the ldif parts to look like a normal OpenLDAP schema definition ... now technically the file is neither ...

Regards,
Buchan
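
Added example, not part of the original message or of the sudo or OpenLDAP distributions: a small Python check that reports whether a schema file is LDIF-style, slapd.conf-style, or a mix of the two, which is the state the thread ends in and one that a server silently ignoring unknown keywords will not report. The OIDs, names and sample files are constructed placeholders, and the keyword list is an assumption covering common slapd.conf schema directives.

```python
import re

# slapd.conf schema directives: case-insensitive keyword, no colon (assumed list).
CONF_KEYWORDS = {"attributetype", "objectclass", "objectidentifier", "ditcontentrule"}
# LDIF attribute lines look like "name: value".
LDIF_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9;-]*:")

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def classify(text):
    """Return (verdict, [(kind, line), ...]) for a schema file's contents."""
    kinds = []
    for line in logical_lines(text):
        if LDIF_LINE.match(line):
            kinds.append(("ldif", line))
        elif line.split(None, 1)[0].lower() in CONF_KEYWORDS:
            kinds.append(("slapd.conf", line))
        else:
            kinds.append(("unknown", line))
    seen = {k for k, _ in kinds} - {"unknown"}
    verdict = "mixed" if len(seen) == 2 else (seen.pop() if seen else "unknown")
    return verdict, kinds

# Constructed definitions (placeholder OIDs and names, not the sudo schema).
ATTR = ("( 1.1.2.1.1 NAME 'exampleAttr' EQUALITY caseExactIA5Match\n"
        "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )")
OC = "( 1.1.2.2.1 NAME 'exampleClass' SUP top STRUCTURAL MUST cn MAY exampleAttr )"
LDIF_SAMPLE = f"dn: cn=schema\nattributeTypes: {ATTR}\nobjectClasses: {OC}\n"
CONF_SAMPLE = f"attributetype {ATTR}\nobjectclass {OC}\n"
# Same shape as the file at the end of the thread: LDIF lines plus one conf keyword.
MIXED_SAMPLE = f"dn: cn=schema\nattributeTypes: {ATTR}\nobjectClass {OC}\n"

if __name__ == "__main__":
    for name, sample in [("ldif", LDIF_SAMPLE), ("conf", CONF_SAMPLE), ("mixed", MIXED_SAMPLE)]:
        verdict, kinds = classify(sample)
        print(name, "->", verdict)
        for kind, line in kinds:
            print(f"  [{kind}] {line[:60]}")
```

A "mixed" verdict means the file should be rewritten in one format or replaced with the schema file shipped for the target server.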
