OpenLDAP: Adding olcObjectClasses to scheme

Question

I have added a scheme to OpenLDAP via cn=conf. The scheme was taken from WSO2 Identity Server, but was modified to apply to cn=conf and OpenLDAP.

The scheme loaded without error, but doesn't work. After querying cn=schemes,cn=conf for all loaded schemes I found that my scheme doesn't have the olcObjectClasses statements that define the name and content of the scheme. This was a part of the LDIF files I loaded (without error), but for some reason is not present in the live conf.

I am now trying to add it after the fact, but get an error:

ldapmodify: invalid format (line 5) entry: "cn={4}wso2Person,cn=schema,cn=config"

The file I am trying to load looks like this:

dn: cn={4}wso2Person,cn=schema,cn=config
changetype: modify
add: olcObjectClasses
olcObjectClasses: ( 0.3.6.1.4.1.37505.1.1
NAME 'wso2Person'
DESC 'wso2Person'
SUP inetOrgPerson
STRUCTURAL
MAY ( gender $ country $ nickName $ timeZone $ dateOfBirth $ role $ im $ url $ otherPhone $ privatePersonalIdentifier $ profileconfiguration $ prefferedLanguage)
)

When querying: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config the section about my scheme looks like this:

# {4}wso2Person, schema, config
dn: cn={4}wso2Person,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}wso2Person
olcAttributeTypes: {0}( 1.3.6.1.4.1.37505.1.2       NAME 'gender'     EQUALI
TY caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.
1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.37505.1.3       NAME 'country'       
EQUALITY caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {2}( 1.3.6.1.4.1.37505.1.4       NAME 'nickName'     EQUA
LITY caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {3}( 1.3.6.1.4.1.37505.1.5       NAME 'timeZone'       
EQUALITY caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {4}( 1.3.6.1.4.1.37505.1.6       NAME 'dateOfBirth'       
EQUALITY caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {5}( 1.3.6.1.4.1.37505.1.7       NAME 'role'    EQUALITY 
caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 1.3.6.1.
4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {6}( 1.3.6.1.4.1.37505.1.8       NAME 'im'       EQUALITY 
caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {7}( 1.3.6.1.4.1.37505.1.9       NAME 'url'      EQUALITY
caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {8}( 1.3.6.1.4.1.37505.1.10       NAME 'otherPhone'   
EQUALITY caseIgnoreMatch       SUBSTR caseIgnoreSubstringsMatch       SYNTAX 
1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {9}( 1.3.6.1.4.1.37505.1.11       NAME 
'privatePersonalIdentifier'       EQUALITY caseIgnoreMatch       SUBSTR 
caseIgnoreSubstringsMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {10}( 1.3.6.1.4.1.37505.1.12       NAME 
'profileconfiguration'       EQUALITY caseIgnoreMatch       SUBSTR 
caseIgnoreSubstringsMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: {11}( 1.3.6.1.4.1.37505.1.13       NAME 
'prefferedLanguage'          EQUALITY caseIgnoreMatch       SUBSTR 
caseIgnoreSubstringsMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

What am I doing wrong?

I solved it. Everything after olcObjectClasses: needs to be read as a single line but it was not due the way I had spaced the lines in the ldif file. The reason it was not read when I added the rest of the scheme was due to an extra line break in an inappropriate place. — Björn Vildljung, Feb 28 '18 at 07:38

score 1 · Accepted Answer · answered Feb 28 '18 at 07:47

I solved it.

Everything after olcObjectClasses: needs to be read as a single line but it was not. This was due to the way I had spaced the lines in the ldif file. Below is the working file. (adding a space in front to a line indicates it is a continuation of the line before)

dn: cn={4}wso2Person,cn=schema,cn=config
changetype: modify
add: olcObjectClasses
olcObjectClasses: ( 0.3.6.1.4.1.37505.1.1
  NAME 'wso2Person'
  DESC 'wso2Person'
  SUP inetOrgPerson
  STRUCTURAL
  MAY ( gender $ country $ nickName $ timeZone $ dateOfBirth $ role $ im $ 
  url $ otherPhone $ privatePersonalIdentifier $ profileconfiguration $ 
  prefferedLanguage))

The reason it was not read when I added the rest of the scheme was due to an extra line break in an inappropriate place. There was an empty line between the addition of the olcObjectClasses and the rest of the LDIF content. se below.

[..]
olcAttributeTypes: {11}( 1.3.6.1.4.1.37505.1.13       NAME 
'prefferedLanguage'          EQUALITY caseIgnoreMatch       SUBSTR 
caseIgnoreSubstringsMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

olcObjectClasses: ( 0.3.6.1.4.1.37505.1.1
[...]

OpenLDAP: Adding olcObjectClasses to scheme

1 Answers1