Re: importing openldap .schema file into netscape directory server 6.1

Rich Megginson Thu, 18 Nov 2004 11:47:58 -0800

awrightus wrote:

I did what you suggested and it still generated quite a bit of errors.
 It seems it wants everything to begin with a dn.


Right, sorry. Put
dn: cn=schema
Just before the first attributetypes:


# ./start-slapd
[17/Nov/2004:13:58:56 -0500] - slapi_str2entry: entry has no dn
[17/Nov/2004:13:58:56 -0500] dse - parsing dse entry [attributetypes]
[17/Nov/2004:13:58:56 -0500] dse - Please edit the file to correct the
reported problems and then restart the server.

I just focused on one attribute in 60radiator.ldif for now.  The file
simply contains the following.

attributetypes: ( 1.3.6.1.4.1.9048.1.1.1 NAME 'oscRadiusTarget'
 DESC 'Users with this realm will be proxied to the specified
oscRadiusHost'
 EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

Thoughts?

Steve


Rich Megginson <[EMAIL PROTECTED]> wrote in message news:<[EMAIL 
PROTECTED]>...

Looks really close.  It's not LDIF format, but it's very close.  Try this:
1) change 'attributetype' to 'attributetypes:' (notice the :)
2) change 'objectclass' to 'objectclasses:'
3) remove all lines that begin with # (shouldn't be necessary, but do it just 
to make sure)
4) either make all definitions on one line or make sure continuation lines 
begin with a single space character
Then you should have a file in proper LDIF format. Rename your file to e.g. 60radiator.ldif, copy it into your server root/slapd-<instance>/config/schema, and restart slapd-<instance>. If you are going to be creating new instances of DS in the same server root, also copy the file to server root/bin/slapd/install/schema to make it available to new instances.
awrightus wrote:
Sure.
Steve
----

# radiator-ldap.schema
#
# Sample OpenLDAP schema for Radiator (www.open.com.au/radiator) for
# use with AuthLDAPRADIUS
#
# To use this schema, add a line like this to your
/etc/openldap/slapd.conf:
#     include /path/to/your/radiator-ldap.schema
#
# A sample LDIF file to insert a sample record for testing can be
found
# in goodies/radiator-ldap.ldif
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 2004 Open System Consultants
# $Id: radiator-ldap.schema,v 1.2 2004/10/04 10:35:03 mikem Exp $

# The following OID arcs are defined:
# 1.3.6.1.4.1.9048.1.1  OSC defined attribute types
# 1.3.6.1.4.1.9048.1.2  OSC defined attribute syntaxes
# 1.3.6.1.4.1.9048.1.3  OSC defined object classes

############################################################################
# oscRadiusRealm object defines which Radius servers to proxy users
# from a given realm.

attributetype ( 1.3.6.1.4.1.9048.1.1.1 NAME 'oscRadiusTarget'
       DESC 'Users with this realm will be proxied to the specified
oscRadiusHost'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

attributetype ( 1.3.6.1.4.1.9048.1.1.2 NAME 'oscRadiusHost'
       DESC 'Name or IP address of a radius host to proxy to'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

attributetype ( 1.3.6.1.4.1.9048.1.1.3 NAME 'oscRadiusSecret'
       DESC 'Shared secret for Radius client or remote server'
       EQUALITY caseExactMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

attributetype ( 1.3.6.1.4.1.9048.1.1.4 NAME 'oscRadiusAuthPort'
       DESC 'Authentication port number or name'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20}  SINGLE-VALUE)


attributetype ( 1.3.6.1.4.1.9048.1.1.5 NAME 'oscRadiusAcctPort'
       DESC 'Accounting port number or name'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20}  SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.6 NAME 'oscRadiusRetries'
       DESC 'Max number of retransmissions'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.7 NAME 'oscRadiusRetryTimeout'
       DESC 'Number of seconds to wait before retransmission'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.8 NAME
'oscRadiusUseOldAscendPasswords'
       DESC 'True if old Ascend compatible passwords are to be sent'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.9 NAME
'oscRadiusServerHasBrokenPortNumbers'
       DESC 'True if remote server replies from different port the
request was sent to'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.10 NAME
'oscRadiusServerHasBrokenAddresses'
       DESC 'True if remote server replies from different address the
request was sent to'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.11 NAME
'oscRadiusIgnoreReplySignature'
       DESC 'True if the signature in replies from the remote server
are known to be incorrect'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

# Value of failure policy can be:
# 0 ACCEPT
# 1 REJECT
# 2 IGNORE
# 3 CHALLENGE
# 4 REJECT_IMMEDIATE
attributetype ( 1.3.6.1.4.1.9048.1.1.12 NAME 'oscRadiusFailurePolicy'
       DESC 'How to respond to original request if no reply is ever
received from remote server'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

objectclass ( 1.3.6.1.4.1.9048.1.3.1 NAME 'oscRadiusRealm' SUP top
STRUCTURAL
       DESC 'OSC Radius proxy realm'
       MUST ( oscRadiusTarget $ oscRadiusHost $ oscRadiusSecret)
       MAY  ( cn $ oscRadiusAuthPort $ oscRadiusAcctPort $
oscRadiusRetries $ oscRadiusRetryTimeout $
        oscRadiusUseOldAscendPasswords $ oscRadiusServerHasBrokenPortNumbers
$ oscRadiusServerHasBrokenAddresses $
        oscRadiusIgnoreReplySignature $ oscRadiusFailurePolicy))


############################################################################
# oscRadiusClient object defines which Radius clients we are willing
to accept
# requests from. Note that the attribute names are derived from the
standard Clinet clause paramter names,
# and are consistent with the default behaviour of the ClientListLDAP
clause

attributetype ( 1.3.6.1.4.1.9048.1.1.21 NAME 'oscRadiusClientName'
       DESC 'Requests from Radius clients with this name or address
will be hounoured by Radiator'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

attributetype ( 1.3.6.1.4.1.9048.1.1.22 NAME
'oscRadiusIgnoreAcctSignature'
       DESC 'True if the signature in accounting requests from this
client are known to be incorrect'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.23 NAME 'oscRadiusDupInterval'
       DESC 'Duplicate requests received withing this interval in
seconds are ignored'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.24 NAME 'oscRadiusNasType'
       DESC 'Type of NAS'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50}  SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.25 NAME 'oscRadiusSNMPCommunity'
       DESC 'The Community name for accessing SNMP on this client'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50}  SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.26 NAME 'oscRadiusLivingstonOffs'
       DESC 'Offset for calculating missing ports'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.27 NAME 'oscRadiusLivingstonHole'
       DESC 'Gap for  calculating missing ports'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.28 NAME
'oscRadiusFramedGroupBaseAddress'
       DESC 'Base address for calculating IP addresses'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

attributetype ( 1.3.6.1.4.1.9048.1.1.29 NAME
'oscRadiusFramedGroupMaxPortsPerClassC'
       DESC 'Max number of IP addresses to be allocated within a
class C address range'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.30 NAME
'oscRadiusFramedGroupPortOffset'
       DESC 'Offset for calulating IP addresses'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.31 NAME
'oscRadiusRewriteUsername'
       DESC 'Pattern for rewriting usernames'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} )

attributetype ( 1.3.6.1.4.1.9048.1.1.32 NAME
'oscRadiusStatusServerShowClientDetails'
       DESC 'True if Status-Server requests from this client should
include Clinet details in the reply'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.33 NAME 'oscRadiusPreHandlerHook'
       DESC 'Perl code to be run before requests from this cleint are
passed to a handler'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

attributetype ( 1.3.6.1.4.1.9048.1.1.34 NAME 'oscRadiusPacketTrace'
       DESC 'True if requests received from this client are top be
packet-traced'
       EQUALITY booleanMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.35 NAME
'oscRadiusIdenticalClients'
       DESC 'Names and addresses of other Clients with identical
configuration'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )

attributetype ( 1.3.6.1.4.1.9048.1.1.36 NAME
'oscRadiusNoIgnoreDuplicates'
       DESC 'Name of a request type for whioch duplicates will not be
ignored'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} )

attributetype ( 1.3.6.1.4.1.9048.1.1.37 NAME 'oscRadiusDefaultReply'
       DESC 'Names and values of reply attributes which will be added
only if the reply would otherwise have no reply attributes'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.38 NAME 'oscRadiusFramedGroup'
       DESC 'Base address for Framed-Group'
       EQUALITY integerMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.9048.1.1.39 NAME 'oscRadiusStripFromReply'
       DESC 'Names of attributes which will be stripped from all
replies to this client'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.40 NAME 'oscRadiusAllowInReply'
       DESC 'Names of attributes which are allowed in replies to this
client'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.41 NAME 'oscRadiusAddToReply'
       DESC 'Names and values of reply attributes which will be added
to the reply'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.42 NAME
'oscRadiusAddToReplyIfNotExist'
       DESC 'Names and values of reply attributes which will be added
to the reply only if they are not already present'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.43 NAME 'oscRadiusDynamicReply'
       DESC 'Names of attributes which are eligible for runtime
variable substitution'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.44 NAME
'oscRadiusStripfromRequest'
       DESC 'Names of attributes which are to be stripped from the
request before being passed to a Handler'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.45 NAME 'oscRadiusAddToRequest'
       DESC 'Names and values of reply attributes which will be added
to the request before being passed to a Handler'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )

attributetype ( 1.3.6.1.4.1.9048.1.1.46 NAME
'oscRadiusAddToRequestIfNotExist'
       DESC 'Names and values of reply attributes which will be added
to the request before being passed to a Handler if they are not
already present'
       EQUALITY caseIgnoreMatch
       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )


objectclass ( 1.3.6.1.4.1.9048.1.3.21 NAME 'oscRadiusClient' SUP top
STRUCTURAL
       DESC 'OSC Radius Client'
       MUST ( oscRadiusClientName $ oscRadiusSecret)
       MAY  ( cn $ oscRadiusIgnoreAcctSignature $
oscRadiusDupInterval $ oscRadiusNasType $
               oscRadiusSNMPCommunity $ oscRadiusLivingstonOffs $
oscRadiusLivingstonHole $
               oscRadiusFramedGroupBaseAddress $
oscRadiusFramedGroupMaxPortsPerClassC $
               oscRadiusFramedGroupPortOffset $ oscRadiusRewriteUsername $
oscRadiusUseOldAscendPasswords $
               oscRadiusStatusServerShowClientDetails $
oscRadiusPreHandlerHook $ oscRadiusPacketTrace $
               oscRadiusIdenticalClients $ oscRadiusNoIgnoreDuplicates $
oscRadiusDefaultReply $
               oscRadiusFramedGroup $ oscRadiusStripFromReply $
oscRadiusAllowInReply $ oscRadiusAddToReply $
               oscRadiusAddToReplyIfNotExist $ oscRadiusDynamicReply $
oscRadiusStripfromRequest $
               oscRadiusAddToRequest $ oscRadiusAddToRequestIfNotExist))

----


Rich Megginson <[EMAIL PROTECTED]> wrote in message news:<[EMAIL 
PROTECTED]>...

Could you post the OpenLDAP .schema file?
awrightus wrote:
I have a OpenLDAP .schema file that I want to import into my Netscape Directory Server 6.1 schema. The format of the OpenLDAP .schema file doesn't use the exact same syntax as what's required by 99user.ldif. Is there an easy way to update Netscape's schema with the contents of a OpenLDAP .schema file? Thanks.

Steve

_______________________________________________
mozilla-directory mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-directory

Re: importing openldap .schema file into netscape directory server 6.1

Reply via email to