I've got OpenAM (was OpenSSO) installed successfully and running in a Glassfish container. I also have OpenLDAP installed and working minimally. Now I'm trying to import an LDIF file of records from another server (Java Access Manager and Sun Java System Directory Server), but I get a persistent error when I try to run ldapadd:

ldap_add: Invalid syntax (21)
    additional info: objectClass: value #2 invalid per syntax

I've added the schema provided at http://blogs.oracle.com/indira/entry/using_openldap_as_user_data, but it doesn't seem to affect the error message. It could be that I'm missing some simple understanding about LDAP!

Here's an example record from my LDIF file (domain and password changed):

dn: uid=amAdmin,ou=People,dc=domain,dc=org
objectClass: inetuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: person
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-session-service
objectClass: iplanet-am-user-service
objectClass: iPlanetPreferences
objectClass: inetAdmin
objectClass: sunAMAuthAccountLockout
inetUserStatus: Active
cn: amAdmin
sn: amAdmin
userPassword:: ------
uid: amAdmin

I assume that the schema file provided in the link above should contain configuration for all the attributes that are used in the "objectClass" lines, but that could be one of my core misunderstandings!

Thanks for any help!

alanc
Michael Hellein

1 Answer

This error means either that the objectclass value is not recognized, or that the attribute syntax is invalid, often due to extra spaces in the LDIF definition of the entry. Value #2 being inetOrgPerson, I would think the second option.

Ludo
  • Thanks, @Ludo. I checked for whitespace already, and I'm pretty sure that's not it. My thinking was that the objectClass value would be set by the schema I imported, but I should double check to make sure it's loaded correctly. Is there a simple way to see what my directory's settings are for objectClass? (Sorry in advance for poorly phrased questions - I'm definitely wading past my expertise!) – Michael Hellein Oct 28 '10 at 17:05
  • Michael, you should be able to verify the schema in OpenLDAP by reading the subschema subentry: ldapsearch -H ldap://ldap.mydomain.com -x -s base -b "cn=subschema" objectclasses You could check the logs at startup of OpenLDAP (I think you need to restart after changing the schema). With OpenAM, I would encourage you to consider using OpenDJ (opendj.net). Much simpler to manage than OpenLDAP. - Ludo – Ludo Oct 29 '10 at 11:16
  • Thanks, @Ludo. I'll give OpenDS a try today and post back about my progress. Thanks again! – Michael Hellein Oct 29 '10 at 11:30
  • I mean OpenDJ - mistype! – Michael Hellein Oct 29 '10 at 11:31
  • I modified the instructions here ( http://snowulf.com/2010/08/19/installing-configuring-opends-2-2-on-ubuntu-10-04/ ) for OpenDJ, and my LDIF imported without errors. Now I'm testing to be sure that everything works the way it ought to, but switching to the "right" LDAP implementation seems to have done the trick! – Michael Hellein Oct 29 '10 at 16:26
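
Added example (not part of the original thread): a Python check for the two causes named in the answer. It compares an entry's objectClass values against the names the server publishes in cn=subschema and flags stray whitespace. The subschema text is a constructed, abbreviated sample, and the function names are hypothetical.

```python
import re

# SUBSCHEMA: constructed stand-in for the subschema read suggested in the comments
# (last value is folded). ENTRY: some objectClass lines from the question's entry.
SUBSCHEMA = """\
dn: cn=Subschema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrg
 Person' SUP organizationalPerson STRUCTURAL )
"""

ENTRY = """\
dn: uid=amAdmin,ou=People,dc=domain,dc=org
objectClass: inetuser
objectClass: inetorgperson
objectClass: person
objectClass: iplanet-am-managed-person
"""

def unfold(ldif):
    """Join folded LDIF lines: a newline plus one space continues the value."""
    return re.sub(r"\r?\n ", "", ldif)

def schema_names(subschema_ldif):
    """Lower-cased NAMEs of every objectClass definition in the output."""
    names = set()
    for line in unfold(subschema_ldif).splitlines():
        m = re.match(r"(?i)objectclasses:.*?\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if m:
            quoted = m.group(1) or m.group(2)
            names.update(n.lower() for n in re.findall(r"[^'\s]+", quoted))
    return names

def check_entry(entry_ldif, known):
    """Return (value, reason) for each suspect objectClass value in the entry."""
    problems = []
    for line in unfold(entry_ldif).splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.lower() == "objectclass":
            value = value.lstrip(" ")
            if value != value.strip():
                problems.append((value, "stray whitespace"))
            elif value.lower() not in known:
                problems.append((value, "not defined in schema"))
    return problems

if __name__ == "__main__":
    print(check_entry(ENTRY, schema_names(SUBSCHEMA)))
```

To use it against a real directory, replace SUBSCHEMA with the saved output of the ldapsearch command from the comments and ENTRY with the record that ldapadd rejects.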