Hi Eygene,
I had the same problem and ended up fixing the edg-user.schema
(file attached)
Regards
Chris W.
On Sat, 27 Nov 2004, Eygene A. Ryabinkin wrote:
> Good day.
> I'm trying to create a new VO and I have some problems with LDAP configuration.
> As stated in http://grid-deployment.web.cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/dteam-setup,
> we must use the following bootstrap LDIF file to initialise our LDAP directory:
> --%<--
> dn: o=dteam,dc=lcg,dc=org
> description: LCG Deployment Team VO
> objectclass: top
> objectclass: organization
> objectclass: domain
> dc: dteam
> o: dteam
>
>
> dn: ou=lcg1,o=dteam,dc=lcg,dc=org
> description: LCG Deployment Team VO Group
> objectclass: domain
> objectclass: organizationalUnit
> objectclass: groupofnames
> dc: lcg1
> ou: lcg1
> cn: lcg1
> owner: cn=manager,dc=lcg,dc=org
> member: cn=Bootstrap user,ou=people,o=dteam,dc=lcg,dc=org
>
>
> dn: ou=people,o=dteam,dc=lcg,dc=org
> description: All LCG Deployment Team People
> objectclass: organizationalUnit
> ou: People
> -->%--
> But, for example, the entry o=dteam,dc=lcg,dc=org will belong to two
> structural objectclasses, that is denied by LDAP, if I understand the
> specification correctly. If I'm trying to feed such LDIF to slapd it says:
> ldap_add: Invalid syntax (21)
> aditional info: objectclass: value #2 invalid per syntax
> Could someone enlighten me on this? Maybe the administrators of existing VOs
> can say something?
> Thanks.
> --
> rea
>
-----------------------------------------------------------------------
Chris Williams
Tel/Fax : +44 (0)207 8825054
Department of Physics
Queen Mary College, Mile End Road, London, E1 4NS
-----------------------------------------------------------------------
# Schema for DataGrid users

attributetype ( 1.3.6.1.4.1.998.100.1.12 NAME 'daterequestaccount'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.10 NAME 'datenotbefore'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.2 NAME 'datenotafter'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.3 NAME 'status'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.4 NAME 'institute'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.5 NAME 'responsible'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.6 NAME 'unit'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.998.100.1.7 NAME 'issuerDN'
    DESC 'The user friendly version of the distinguished name of the issuer of a certificate'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.998.100.1.8 NAME 'subjectDN'
    DESC 'The user friendly version of the distinguished name of the subject of a certificate'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.998.100.1.9 NAME 'cert'
    DESC 'certificate'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )

attributetype ( 1.3.6.1.4.1.998.100.1.11 NAME 'VO'
    DESC 'The VO required by the user'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectClass ( 1.3.6.1.4.1.998.100.2.1 NAME 'edguser'
    DESC 'VO user'
    SUP top
    MAY ( cn $ datenotbefore $ datenotafter $ status $ institute $ responsible $ unit $ issuerDN $ subjectDN $ cert $ VO $ daterequestaccount ) )
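
Added example, not part of the original messages or of any LCG tooling: a small Python check for the condition raised in the quoted question, listing which entries of the bootstrap LDIF name more than one unrelated structural object class. The SCHEMA table is constructed by hand from the standard definitions of these classes (core.schema and cosine.schema in OpenLDAP), and the embedded LDIF is the one from the thread trimmed to its dn and objectclass lines.

```python
import re

# Constructed table: kind and superior of each standard class used in the LDIF.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "organization": ("STRUCTURAL", "top"),
    "organizationalunit": ("STRUCTURAL", "top"),
    "groupofnames": ("STRUCTURAL", "top"),
    "domain": ("STRUCTURAL", "top"),
}

# Bootstrap LDIF from the thread, reduced to dn/objectclass lines.
BOOTSTRAP_LDIF = """\
dn: o=dteam,dc=lcg,dc=org
objectclass: top
objectclass: organization
objectclass: domain

dn: ou=lcg1,o=dteam,dc=lcg,dc=org
objectclass: domain
objectclass: organizationalUnit
objectclass: groupofnames

dn: ou=people,o=dteam,dc=lcg,dc=org
objectclass: organizationalUnit
"""

def parse_entries(ldif):
    """Yield (dn, [lower-cased objectclass names]) per blank-line-separated record."""
    for record in re.split(r"\n\s*\n", ldif.strip()):
        dn, classes = None, []
        for line in record.splitlines():
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = value.strip()
            elif name.strip().lower() == "objectclass":
                classes.append(value.strip().lower())
        if dn:
            yield dn, classes

def structural_leaves(classes):
    """Structural classes that are not a superior of another listed structural class."""
    structural = [c for c in classes if SCHEMA.get(c, ("", None))[0] == "STRUCTURAL"]
    inherited = set()
    for c in structural:
        sup = SCHEMA[c][1]
        while sup:                      # walk the SUP chain up to top
            inherited.add(sup)
            sup = SCHEMA[sup][1]
    return sorted(c for c in structural if c not in inherited)

def check(ldif):
    """Map each dn to its structural leaves; more than one means conflicting chains."""
    return {dn: structural_leaves(ocs) for dn, ocs in parse_entries(ldif)}
```

An entry whose list has more than one element mixes independent structural chains; a list with exactly one element is consistent with the single-structural-class rule.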