Can't import ldap schema provided in ldap howto

alan alan at radiowave.ie
Thu Jan 26 13:37:52 CET 2006


Hello,

I've been trying to configure openldap for use with radius. I'm running
a RedHat ES 4 server with the following RPMs installed:

openldap-2.2.13-3
freeradius-1.0.1-3.RHEL4

I've been following the instructions in ldap_howto.txt, and I created
the schema.ldif file exactly as outlined in the doc. But when I run the
ldapadd command it gives the following error:

[root@myserver]# ldapadd -f schema.ldif -x -D "cn=root,dc=mydomain,dc=com" -w secret
adding new entry "dc=mydomain,dc=com"

adding new entry "ou=radius,dc=mydomain,dc=com"

adding new entry "ou=profiles,ou=radius,dc=mydomain,dc=com"

adding new entry "ou=users,ou=radius,dc=mydomain,dc=com"

adding new entry "ou=admins,ou=radius,dc=mydomain,dc=com"

adding new entry "uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com"
ldap_add: Object class violation (65)
        additional info: no structural object class provided

I do have the include statement for "RADIUS-LDAPv3.schema" configured in
my slapd.conf, and I already verified that it is readable by the user
ldap (and that the path is correct). Here is the entry ldapadd is
erroring on:

dn: uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com
objectclass: radiusprofile
uid: dial
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None

I've found other posts with users having the same issue, but I haven't
found one detailing the resolution. I've checked to ensure that there
are no extra spaces at the end of the lines.


The issue is that uid is not part of the radiusprofile. So if you are using
uid as your dn, you would need to add another object class that requires uid
and is structural. I guess the posix objectclass will have the uid attribute
as a default one, so you could use that.

I.e., you could use:

dn: cn=doolin,ou=profiles,o=radius,dc=radiowave,dc=net
cn: doolin
objectClass: radiusprofile
objectClass: organizationalRole
objectClass: top
radiusHuntgroupName: internet
radiusGroupName: doolin

Conversely,

you can use any of the radiusprofile attributes as the dn name if you don't
want to add a new object class.

I.e.:

dn: radiusServiceType=dial,ou=profiles,ou=radius,dc=mydomain,dc=com
objectclass: radiusprofile
uid: dial
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None
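
A pre-flight check for the error reported in this thread, as an added example that is not part of the original post or of the FreeRADIUS documentation: it reads object class kinds from schema text and lists the LDIF entries that name no STRUCTURAL class. The schema lines are constructed and abbreviated, treating radiusprofile as AUXILIARY is an assumption drawn from the server's error message, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated schema lines. Assumption: radiusprofile is AUXILIARY
# in the installed schema (as the server's error implies); its OID is a placeholder.
SAMPLE_SCHEMA = """
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn )
objectclass ( 1.1.2.2.1 NAME 'radiusprofile' SUP top AUXILIARY )
"""

# Two entries from the thread, cut down to their dn and objectClass lines.
SAMPLE_LDIF = """
dn: uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com
objectclass: radiusprofile

dn: cn=doolin,ou=profiles,o=radius,dc=radiowave,dc=net
objectClass: radiusprofile
objectClass: organizationalRole
objectClass: top
"""

def class_kinds(schema_text):
    """Map each object class name (lowercased) to its kind."""
    kinds = {}
    for chunk in re.split(r"(?im)^\s*objectclass\b", schema_text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", chunk)
        kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", chunk)
        if name:  # RFC 4512: a class with no kind keyword is STRUCTURAL
            kinds[name.group(1).lower()] = kind.group(1) if kind else "STRUCTURAL"
    return kinds

def parse_ldif(text):
    """Yield simple LDIF entries (no folded or base64 lines) as attribute dicts."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        yield entry

def entries_without_structural(ldif_text, schema_text):
    """Return DNs whose objectClass values include no STRUCTURAL class."""
    kinds = class_kinds(schema_text)
    return [e["dn"][0] for e in parse_ldif(ldif_text) if "dn" in e and not any(
        kinds.get(c.lower()) == "STRUCTURAL" for c in e.get("objectclass", []))]

if __name__ == "__main__":
    print(entries_without_structural(SAMPLE_LDIF, SAMPLE_SCHEMA))
```

To check a real import, pass the contents of the schema files named in slapd.conf in place of SAMPLE_SCHEMA; a class missing from that text is treated as non-structural.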
