On Tue, 2008-09-16 at 22:01 +0200, Michael Ströder wrote:
> > [EMAIL PROTECTED] ~]# ldapmodify -H ldap://host -D cn=root -w passwd -x -ZZ -a -f /usr/share/doc/krb5-server-ldap-1.6.2/kerberos.ldif
> > ldapmodify: invalid format (line 5) entry: "cn=schema"
>
> You should provide the relevant excerpt of the LDIF file.

It's the regular MIT-Kerberos Schema that comes with krb5-server-ldap:
http://anonsvn.mit.edu/cgi-bin/viewcvs.cgi/*checkout*/trunk/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif?rev=19972

Looks like the client doesn't count the commented lines in the above error message, so I'm assuming the problematic lines to be:

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

I must note that I can correctly import the above LDIF using IBM Server (ITDS 6.1) 'ldapmodify'.

Thanks,

 -Klaus

--
Klaus Heinrich Kiwi <[EMAIL PROTECTED]>
Linux Security Development, IBM Linux Technology Center