# adding user ldif to ldap



## bluethundr (Oct 28, 2010)

Hi FreeBSD... I am trying to add an LDIF with my users that I have derived
from /etc/passwd. For some reason ldapadd is choking on the first
entry... I've also tried removing the first one, and predictably each
one fails in exactly the same way... may I ask how best to correct
this?


Here is the error:


```
LDAP# ldapadd -x -D "cn=Manager,dc=summitnjhome,dc=com" -W -f /tmp/passwd.ldif
adding new entry "uid=root,ou=People,dc=summitnjhome,dc=com"
ldap_add: Invalid syntax (21)
       additional info: objectClass: value #6 invalid per syntax
```

Here is the first entry which presented a problem when I attempted to add it:



```
dn: uid=root,ou=People,dc=summitnjhome,dc=com
uid: root
cn: Enoch &
givenName: Enoch
sn: &
mail: root@summitnjhome.com
mailRoutingAddress: root@mail.summitnjhome.com
mailHost: mail.summitnjhome.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
userPassword: {crypt}*
krbName: root@summitnjhome.COM
loginShell: /bin/csh
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Enoch &
```

And here are the schemas I have included in my slapd.conf:


```
LDAP# cat /usr/local/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/openldap.schema
include         /usr/local/etc/openldap/schema/sudoers.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/misc.schema
```

And these are the permissions on those schema files:


```
[root@LDAP:/usr/local/etc/openldap/schema]#ls -l core.schema cosine.schema inetorgperson.schema openldap.schema sudoers.schema nis.schema misc.schema
-r--r--r--  1 root  wheel  20583 Oct  9 21:37 core.schema
-r--r--r--  1 root  wheel  74080 Oct  9 21:37 cosine.schema
-r--r--r--  1 root  wheel   6360 Oct  9 21:37 inetorgperson.schema
-r--r--r--  1 root  wheel   2471 Oct  9 21:37 misc.schema
-r--r--r--  1 root  wheel   7723 Oct  9 21:37 nis.schema
-r--r--r--  1 root  wheel   1602 Oct  9 21:37 openldap.schema
-r--r--r--  1 root  wheel   1655 Oct  9 02:50 sudoers.schema
```

And here is what is happening in the LDAP logs when I try to add the file:


```
Oct 28 19:39:20 LDAP slapd[7372]: daemon: read activity on 11
Oct 28 19:39:20 LDAP slapd[7372]: daemon: select: listen=6 active_threads=0 tvp=NULL
Oct 28 19:39:20 LDAP slapd[7372]: daemon: select: listen=7 active_threads=0 tvp=NULL
Oct 28 19:39:20 LDAP slapd[7372]: daemon: activity on 1 descriptor
Oct 28 19:39:20 LDAP slapd[7372]: daemon: waked
Oct 28 19:39:20 LDAP slapd[7372]: daemon: select: listen=6 active_threads=0 tvp=NULL
Oct 28 19:39:20 LDAP slapd[7372]: daemon: select: listen=7 active_threads=0 tvp=NULL
Oct 28 19:39:20 LDAP slapd[7372]: conn=1002 op=1 ADD dn="uid=root,ou=People,dc=summitnjhome,dc=com"
Oct 28 19:39:20 LDAP slapd[7372]: conn=1002 op=1 RESULT tag=105 err=21 text=objectClass: value #4 invalid per syntax
```


Thanks for your help!


----------



## bluethundr (Oct 29, 2010)

*it was kerberos!!*

Hey guys...


At first I thought that it might have been mailRoutingAddress. It turns out that it is actually in misc.schema:


```
[root@LBSD2:/usr/local/etc/openldap/schema]#grep -ri mailRoutingAddress /usr/local/etc/openldap/schema
/usr/local/etc/openldap/schema/misc.schema:	NAME 'mailRoutingAddress'
/usr/local/etc/openldap/schema/misc.schema:	MAY	( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
/usr/local/etc/openldap/schema/misc.schema.default:	NAME 'mailRoutingAddress'
/usr/local/etc/openldap/schema/misc.schema.default:	MAY	( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
```

BUT... the Kerberos objects were not in any of the schemas I currently have on my system:


```
[root@LBSD2:/usr/local/etc/openldap/schema]#grep -ri kerberosSecurityObject /usr/local/etc/openldap/schema
[root@LBSD2:/usr/local/etc/openldap/schema]#grep -ri krbName /usr/local/etc/openldap/schema
[root@LBSD2:/usr/local/etc/openldap/schema]#
```


Removing ALL references to the Kerberos objects did the trick!!!


```
[root@LDAP:/usr/local/etc/openldap/schema]#ldapadd -x -D "cn=Manager,dc=summitnjhome,dc=com" -W -f /tmp/passwd.ldif
Enter LDAP Password: 
adding new entry "uid=root,ou=People,dc=summitnjhome,dc=com"

adding new entry "uid=toor,ou=People,dc=summitnjhome,dc=com"

adding new entry "uid=daemon,ou=People,dc=summitnjhome,dc=com"

adding new entry "uid=operator,ou=People,dc=summitnjhome,dc=com"

adding new entry "uid=bin,ou=People,dc=summitnjhome,dc=com"

adding new entry "uid=tty,ou=People,dc=summitnjhome,dc=com"

adding new entry "uid=kmem,ou=People,dc=summitnjhome,dc=com"
```



The only question I would have left is that apparently the one schema I would need to incorporate Kerberos stuff is krb5-kdc.schema. Would anyone happen to know of a place I could download this for when I (inevitably) attempt to incorporate this?

Best!


----------
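The diagnosis in the second post was done by hand: grep each suspicious name across the schema directory until one comes up empty. The script below, an added example that is not the poster's code nor part of OpenLDAP, automates that pre-flight check. It reads the `include` lines from a slapd.conf, collects every objectClass and attributeType NAME the included files define, then walks an LDIF and reports any objectClass value or attribute type that no included schema defines. Because slapd validates each objectClass value against the classes it has loaded, an unknown class surfaces as `Invalid syntax (21)` with a 0-based value index rather than as an "unknown objectClass" message; in the first post's error, `value #6` is the seventh objectClass line, `kerberosSecurityObject`. The script reports the same index. The slapd.conf excerpt, the schema fragments (trimmed, in slapd.schema(5) syntax) and the LDIF entry (using example.com, not the poster's domain) are all constructed so the example runs offline.

```python
import re
from typing import Dict, List, Tuple

# Constructed slapd.conf excerpt (not the poster's file); only the include lines matter.
SLAPD_CONF = """\
include  /usr/local/etc/openldap/schema/core.schema
include  /usr/local/etc/openldap/schema/misc.schema
"""
# Constructed schema fragments in slapd.schema(5) syntax that stand in for the real
# files so the example runs offline; in real use read each included path from disk.
SCHEMA_FILES: Dict[str, str] = {
    "/usr/local/etc/openldap/schema/core.schema": """\
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
attributetype ( 2.5.4.35 NAME 'userPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) SUP name )
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6
  NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ description ) )
""",
    "/usr/local/etc/openldap/schema/misc.schema": """\
attributetype ( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 2.16.840.1.113730.3.1.18 NAME 'mailHost' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
attributetype ( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
objectclass ( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' SUP top AUXILIARY
  MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )
""",
}
# Constructed entry modelled on the thread's /etc/passwd-derived LDIF (example.com, not the
# poster's domain); the folded mailRoutingAddress line exercises LDIF line wrapping.
PASSWD_LDIF = """\
dn: uid=root,ou=People,dc=example,dc=com
uid: root
cn: Enoch &
sn: &
mailHost: mail.example.com
mailRoutingAddress: root@mail
 .example.com
objectClass: top
objectClass: person
objectClass: inetLocalMailRecipient
objectClass: kerberosSecurityObject
userPassword: {crypt}*
krbName: root@EXAMPLE.COM
"""

# objectclass|attributetype ( OID NAME 'x' ... ) or NAME ( 'x' 'y' ... ); definitions span lines
_DEF_RE = re.compile(
    r"\b(objectclass|attributetype)\s*\(\s*\S+\s+NAME\s+(?:'([^']+)'|\(((?:\s*'[^']+')+)\s*\))",
    re.IGNORECASE)

def load_schema(conf_text: str, files: Dict[str, str]) -> Tuple[set, set, List[str]]:
    """Lower-cased objectClass and attributeType names from every included file, plus unreadable include paths."""
    classes, attrs, missing = set(), set(), []
    for path in re.findall(r"^\s*include\s+(\S+)", conf_text, re.MULTILINE):
        if path not in files:
            missing.append(path)
            continue
        body = "\n".join(ln for ln in files[path].splitlines() if not ln.lstrip().startswith("#"))
        for kind, single, multi in _DEF_RE.findall(body):
            names = [single] if single else re.findall(r"'([^']+)'", multi)
            (classes if kind.lower() == "objectclass" else attrs).update(n.lower() for n in names)
    return classes, attrs, missing

def parse_ldif(text: str) -> List[Tuple[str, List[Tuple[str, str]]]]:
    """Minimal LDIF reader: unfolds continuation lines, skips comments, keeps attribute order."""
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and logical:      # RFC 2849 folded line
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, record = [], []
    for line in logical + [""]:                  # trailing "" flushes the last record
        if line.strip():
            record.append(line)
        elif record:
            pairs = [(n.strip(), v.lstrip(":<").strip()) for n, _, v in (ln.partition(":") for ln in record)]
            dn = next((v for n, v in pairs if n.lower() == "dn"), "")
            entries.append((dn, [(n, v) for n, v in pairs if n.lower() != "dn"]))
            record = []
    return entries

def check_entries(entries, classes, attrs) -> List[Tuple[str, str]]:
    """Flag objectClass values and attribute types no included schema defines; the index follows slapd's 0-based 'value #N'."""
    problems = []
    for dn, pairs in entries:
        oc_index = 0
        for name, value in pairs:
            base = name.split(";", 1)[0].lower()     # drop options such as ;binary
            if base == "objectclass":
                if value.lower() not in classes:
                    problems.append((dn, f"objectClass: value #{oc_index} '{value}' not defined by any included schema"))
                oc_index += 1
            elif base not in attrs:
                problems.append((dn, f"{name}: attribute type not defined by any included schema"))
    return problems

if __name__ == "__main__":
    cls, att, missing = load_schema(SLAPD_CONF, SCHEMA_FILES)
    for dn, msg in [("", f"missing include: {p}") for p in missing] + check_entries(parse_ldif(PASSWD_LDIF), cls, att):
        print(f"{dn or '(config)'}: {msg}")
```

Against the constructed inputs the checker flags `objectClass: value #3 'kerberosSecurityObject'` and `krbName`, the two things the poster had to remove; on a real host, replace `SCHEMA_FILES` with a dict built by reading each included path. The `krbName` report is worth having because slapd only gets to it after the objectClass problem is fixed, when it would fail the same entry again with `Undefined attribute type (17)`. The script does not check MUST/MAY membership, so an entry whose attributes are all defined but not allowed by its classes (`Object class violation (65)`) still has to be caught by slapd itself.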

