Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
231 views

Schema add with ldif file


Trying to add an attrib with ldapmodify and getting insufficient access
error with the following ldif file:

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( fhtest-oid NAME 'fhtest' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE
X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )

calling the ldif with:
ldapmodify -h <server> -d <admin user dn> -w <pw> -f <filename>

The admin user can add an attrib in iManager. What am I doing wrong?


--
Lynchsr
------------------------------------------------------------------------
Lynchsr's Profile: https://forums.netiq.com/member.php?userid=3915
View this thread: https://forums.netiq.com/showthread.php?t=48204

Labels (1)
0 Likes
9 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file

On Tue, 16 Jul 2013 18:24:01 +0000, Lynchsr wrote:

> Trying to add an attrib with ldapmodify and getting insufficient access
> error with the following ldif file:
>
> dn: cn=schema
> changetype: modify
> add: attributetypes
> attributeTypes: ( fhtest-oid NAME 'fhtest' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE
> X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )


One obvious question, is this the actual LDIF file you're trying?
Because if it is, the attributeTypes is wrong. Because it is over
multiple lines, the second and third line should be indented by a space,
like:

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( fhtest-oid NAME 'fhtest' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE
X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )

But I'd think you'd get a formatting error, not an access denied error.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file


It was one line, wordwrapped when I copied it. Does it need SSL for
schema updates?


--
Lynchsr
------------------------------------------------------------------------
Lynchsr's Profile: https://forums.netiq.com/member.php?userid=3915
View this thread: https://forums.netiq.com/showthread.php?t=48204

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file

SSL is not relevant. Do you by chance already have something with this
name defined?

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file

On Tue, 16 Jul 2013 21:24:01 +0000, Lynchsr wrote:

> It was one line, wordwrapped when I copied it.


One line should work. Ok, so much for that idea then.


> Does it need SSL for
> schema updates?


Depends on your LDAP Server config. If you require SSL for authenticated
binds, then yes, but that's not specific to schema updates, it would
apply to any auth bind. Also, if I recall correctly, you get back a
"confidentiality required" error if SSL is required and you try to not
use it.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file


It must be the syntax. I just tried it on a directory/admin that I KNOW
works and it gave me the same insufficient access. Any examples of
adding an attrib via ldif. I'm trying to make a test copy of a prod
directory with MANY custom attribs.


--
Lynchsr
------------------------------------------------------------------------
Lynchsr's Profile: https://forums.netiq.com/member.php?userid=3915
View this thread: https://forums.netiq.com/showthread.php?t=48204

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file

I just imported your exact, original LDIF into my tree without any issues
(with the attributeTypes value on one line).

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file

On Wed, 17 Jul 2013 20:14:02 +0000, Lynchsr wrote:

> It must be the syntax. I just tried it on a directory/admin that I KNOW
> works and it gave me the same insufficient access. Any examples of
> adding an attrib via ldif.


dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
2.16.840.1.113719.2.327.4.58.1
NAME 'niuGroupStartDate'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
)


> I'm trying to make a test copy of a prod
> directory with MANY custom attribs.


It's worked for me, many times.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file


Hey, thanks to both of you for telling me I wasn't nuts. My ldif was
fine, my directory was fine, my -d instead of -D for the admin DN on the
ldapmodify line killed me. OK, I'm an idiot, but got it figured out.
Thanks for your help.
Steve


--
Lynchsr
------------------------------------------------------------------------
Lynchsr's Profile: https://forums.netiq.com/member.php?userid=3915
View this thread: https://forums.netiq.com/showthread.php?t=48204

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Schema add with ldif file

On Fri, 19 Jul 2013 01:14:02 +0000, Lynchsr wrote:

> Hey, thanks to both of you for telling me I wasn't nuts. My ldif was
> fine, my directory was fine, my -d instead of -D for the admin DN on the
> ldapmodify line killed me.


Ah, whoops, I missed that too. Good to hear you got it figured out.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.