Anonymous_User Absent Member.

SSPR eDirectory schema extension


Looks like there may be some syntax issues with the .sch and/or the
.ldif files included with the SSPR 3.0 install media.

I've installed SSPR in a three-tier environment (dev, test, prod) and
found different issues as I've learned to "look out" for them.

For instance the .sch file will happily import via install.dlm, but it
will not create the pwmUser class!

When I've used the ldif file for eDirectory, the output logs in Apache
Directory Studio (doing the ldif import there) complain about "#!ERROR
[LDAP: error code 21 - Invalid Attribute Syntax]" for things like
pwmResponseSet, pwmLastPwdUpdate, pwmGUID, and pwmToken.


--
choponis
------------------------------------------------------------------------
choponis's Profile: https://forums.netiq.com/member.php?userid=5896
View this thread: https://forums.netiq.com/showthread.php?t=49219


Re: SSPR eDirectory schema extension

I believe you may be hitting Bug# 847284. The LDIF should work afaik,
assuming your .sch error is something like "Failed to add schema class
pwmUser. Err: -758".

There may be additional issues with the LDIF I suppose; are you using the
3.0.0.1 media (available as a patch) instead of the original shipping
3.0.0 stuff?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: SSPR eDirectory schema extension


Didn't know there was a patch 3.0.0.1 - thanks for passing along.

Went and got it, but the ldif and sch files for edir are identical. Not
seeing any help there.

The sch import shows a message box saying it's successful - it doesn't
show me an error - should I be looking somewhere else to find the code
-758 or similar?


--
choponis

Re: SSPR eDirectory schema extension

With a .sch file I'd use ndssch for the import
(/opt/novell/eDirectory/bin/ndssch probably) and for the LDIF I'd use
ldapmodify (but Apache Directory Studio is great and should be fine too).
Care to post your failing LDIF file somewhere (like SUSE Paste or
PasteBin or something) for us to review? Assuming the file isn't corrupt
for some silly reason I'd expect this to work, but the last 2.x and 3.x
installs I did were without schema extensions to eDir.

--
Good luck.


Re: SSPR eDirectory schema extension


http://pastebin.com/yayvACx5


--
choponis

Re: SSPR eDirectory schema extension


Here's the ldif source file from the 3.0 media.
It is the same as the 3.0.0.1 media from what I could tell (text file
compare via primalMerge).

http://pastebin.com/vv8h7QZn


--
choponis

Re: SSPR eDirectory schema extension

Just to be sure, have you tried looking in eDirectory (via LDAP
(ldapsearch or Apache Directory Studio) or iMonitor) and seen if the
schema is in there despite the errors? I'm guessing everything is there
and that these errors are irrelevant, but I cannot tell without seeing
your system directly, or at least seeing an LDAP export of some kind.

If you want to get an LDAP export from ldapsearch, this is how it looks:

Code:
--------------------
ldapsearch -h myldapserver.domain.com -p 389 -x -b cn=schema -s base
--------------------

--
Good luck.


Re: SSPR eDirectory schema extension


Pastebin of schema after import vs. source files:
http://pastebin.com/36HxTj3v

I found something I was hoping to explain - but I can't yet.

I included snippets of pwmToken -> the syntax in the sch and ldif doesn't
match the schema output - pwmGUID was the same.
Syntax is specified as 1.3.6.1.4.1.1466.115.121.1.15;
in my schema output it shows as 2.16.840.1.113719.1.1.5.1.15.

Doesn't this seem to be a problem?

The others looked fine except for pwmGUID and pwmToken.


--
choponis
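Added example (not written by any poster in this thread and not part of the SSPR media): a way to automate the comparison described above, checking each `pwm*` attribute's SYNTAX OID in the source LDIF against a saved `cn=schema` export and flagging attributes that are missing or were stored with a different syntax. The sample data is constructed; the `9.9.9.x` attribute OIDs and the pwmLastPwdUpdate syntax are placeholders, and only the two syntax OIDs quoted in the post come from the thread.

```python
import re

# Constructed sample LDIF; 9.9.9.x OIDs and the pwmLastPwdUpdate syntax are placeholders.
SOURCE_LDIF = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 9.9.9.1 NAME 'pwmToken' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 9.9.9.2 NAME 'pwmGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 9.9.9.3 NAME 'pwmLastPwdUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributeTypes: ( 9.9.9.4 NAME 'pwmResponseSet' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Constructed sample of a cn=schema export; the first value is folded.
LIVE_SCHEMA = """\
dn: cn=schema
attributeTypes: ( 9.9.9.1 NAME 'pwmToken' SYNTAX 2.16.840.1.113719.1.1.5.1.15
  SINGLE-VALUE )
attributeTypes: ( 9.9.9.2 NAME 'pwmGUID' SYNTAX 2.16.840.1.113719.1.1.5.1.15 )
attributeTypes: ( 9.9.9.3 NAME 'pwmLastPwdUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
"""

def attribute_syntaxes(ldif_text, prefix="pwm"):
    """Map lower-cased attribute name -> SYNTAX OID for names starting with prefix."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # LDIF line unfolding (RFC 2849)
    found = {}
    for line in unfolded.splitlines():
        name = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        syntax = re.search(r"SYNTAX\s+'?([0-9.]+)", line)
        if not line.lower().startswith("attributetypes:") or not name:
            continue  # other LDIF lines, or base64-encoded values (not handled here)
        names = [name.group(1)] if name.group(1) else re.findall(r"'([^']+)'", name.group(2))
        for n in names:
            if n.lower().startswith(prefix.lower()):
                found[n.lower()] = syntax.group(1) if syntax else None
    return found

def compare_schema(source_ldif, live_export, prefix="pwm"):
    """Return {name: (status, expected_syntax, actual_syntax)} for every deviation."""
    actual = attribute_syntaxes(live_export, prefix)
    report = {}
    for name, want in attribute_syntaxes(source_ldif, prefix).items():
        have = actual.get(name)
        if name not in actual or have != want:
            report[name] = ("missing" if name not in actual else "syntax-mismatch", want, have)
    return report

if __name__ == "__main__":
    print(compare_schema(SOURCE_LDIF, LIVE_SCHEMA))
```

Running the same comparison against exports from the dev, test and prod trees shows whether all three ended up with identical `pwm*` definitions.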

Re: SSPR eDirectory schema extension

On 11/14/2013 11:44 AM, choponis wrote:
>
> Paste bin of schema after import vs. source files
> http://pastebin.com/36HxTj3v
>
> I found something I was hoping to explain - but I can't yet.
>
> I included snippets of pwmToken -> the syntax in the sch and ldif don't
> match the schema output -pwmGUID was the same
> syntax is specified as 1.3.6.1.4.1.1466.115.121.1.15
> in my schema output it shows as 2.16.840.1.113719.1.1.5.1.15
>
> doesn't this seem to be a problem?
>
> the others looked fine except for pwmGUID and pwmToken.


The mismatch is odd, but since the bug mentioned previously specifies to
only use the LDIF going forward that may be the final fix for the issue.

You mentioned originally that you have dev/test/prod setup and that
symptoms from your install differed in each. Do you have any history of
using SSPR or PWM in these environments before you started doing this?
Have you had any other applications create 'pwm*' schema in the past? My
stock, boring, testing eDir tree does not have any 'pwm' schema, so I am
left to wonder if something in your tree's past may have created that and
caused you more trouble than I have had (though, again, I have not tried
extending my schema yet for SSPR).

--
Good luck.
