Hi, I am trying to use the LDAP service which is installed in the IPA server to authenticate Guacamole users. Guacamole and LDAP integration specifies that I need to create an additional object called guacConfigGroup.

To accomplish that, I have downloaded the supplied ldif file from https://guacamole.apache.org/doc/1.2.0/gug/ldap-auth.html and executed the ldapadd utility command with the following ldif file:

Command
=======

    # ldapadd -h idm.mydomain.net -p 389 -x -D "cn=Directory Manager" -w 'secret' -f guacConfigGroup.ldif

guacConfigGroup.ldif
====================

    dn: cn=guacConfigGroup,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: guacConfigGroup
    olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' DESC 'Guacamole configuration group' SUP groupOfNames MUST guacConfigProtocol MAY guacConfigParameter )

However, I am getting the following error while trying to add the guacConfigGroup object:

    adding new entry "cn=guacConfigGroup,cn=schema,cn=config"
    ldap_add: Object class violation (65)
        additional info: unknown object class "olcSchemaConfig"

Any insights will be highly appreciated!
Regards
Hi Dey,
I think that the problem is that the schema ldif is written for OpenLDAP and not 389 ... Removing the olc prefix from the ldif will probably be enough to fix the issue.
FYI: there is a discussion about such a problem in https://389-users.fedoraproject.narkive.com/BaId0kKV/migration-from-openldap...

Regards
Pierre
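The conversion discussed in this reply, carried through as an added example (not code from the thread or from the 389-ds project): a small Python converter that turns the OpenLDAP cn=config schema entry from the question into an ldapmodify LDIF against cn=schema, which is where 389 Directory Server keeps its schema. The function names are assumptions, and the sample input is the posted LDIF with one line folded to exercise RFC 2849 unfolding.

```python
import re

# Constructed sample: the LDIF from the post, one attribute per line,
# with the first definition folded (continuation line starts with a space).
OLC_LDIF = """\
dn: cn=guacConfigGroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: guacConfigGroup
olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' DESC 'Guacamole configuration group' SUP groupOfNames MUST guacConfigProtocol MAY guacConfigParameter )
"""

# cn=config attribute (lower-cased) -> attribute of the cn=schema entry
OLC_TO_389 = {"olcattributetypes": "attributeTypes",
              "olcobjectclasses": "objectClasses"}


def unfold(ldif):
    """Join RFC 2849 continuation lines onto the line they continue."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # drop only the single fold space
        else:
            lines.append(raw)
    return lines


def olc_to_389(ldif):
    """Return an ldapmodify LDIF that adds the definitions to cn=schema."""
    defs = {"attributeTypes": [], "objectClasses": []}
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        target = OLC_TO_389.get(name.strip().lower())
        if not sep or target is None:
            continue  # dn, olcSchemaConfig and cn exist only under cn=config
        # The {n} ordering prefix is a cn=config convention; strip it.
        defs[target].append(re.sub(r"^\{\d+\}\s*", "", value.strip()))
    # Attribute types go first so the object class can reference them.
    mods = [[f"add: {a}"] + [f"{a}: {d}" for d in defs[a]]
            for a in defs if defs[a]]
    body = "\n-\n".join("\n".join(m) for m in mods)
    return f"dn: cn=schema\nchangetype: modify\n{body}\n"


if __name__ == "__main__":
    print(olc_to_389(OLC_LDIF), end="")
```

The output is applied with ldapmodify rather than ldapadd, because cn=schema already exists on the server. Binding with -ZZ (StartTLS) and -W (password prompt) keeps the Directory Manager password off the wire and off the command line.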
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Recently we added some tooling to help automate moving from openldap to 389, and that includes the ability to convert olc schema formats. It could probably be extended to do schema imports from olc format without too much effort IMO. I will keep this mail open so that I add this next week, I have a few other migration related tasks to follow up at the moment.
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
https://github.com/389ds/389-ds-base/pull/4662
This PR adds support to import openldap formatted schemas to 389-ds.
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
389-users@lists.fedoraproject.org