Kopano LDAP schema usage with FreeIPA
dcuser last edited by
We would like to to use Kopano directly with FreeIPA-LDAP, but it looks as if you need to ask the FreeIPA people for reserving you attributeType-IDs for regularly importing a schema with new attributeTypes.
I converted your schema from the source code , but I got errors with the token numbers when trying to import the attributeTypes.
I can’t upload, so please take a look here: http://paste.ubuntu.com/24039244/
The error is:
ipa-ldap-updater --schema kopano_schema_attributes.ldif -d .... ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: DEBUG: File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py", line 138, in run ldapi=True) or modified File "/usr/lib/python2.7/site-packages/ipaserver/install/schemaupdate.py", line 128, in update_schema dn, new_schema = ldap.schema.subentry.urlfetch(filename) File "/usr/lib64/python2.7/site-packages/ldap/schema/subentry.py", line 494, in urlfetch parsed_sub_schema = ldap.schema.SubSchema(subschemasubentry_entry) File "/usr/lib64/python2.7/site-packages/ldap/schema/subentry.py", line 102, in __init__ se_instance = se_class(attr_value) File "/usr/lib64/python2.7/site-packages/ldap/schema/models.py", line 59, in __init__ d = extract_tokens(l,self.token_defaults) File "/usr/lib64/python2.7/site-packages/ldap/schema/tokenizer.py", line 56, in extract_tokens assert l.strip()=="(" and l[-1].strip()==")",ValueError(l) ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: DEBUG: The ipa-ldap-updater command failed, exception: AssertionError: ['(', '22.214.171.124.4.1.477126.96.36.199.1'] ipa.ipaserver.install.ipa_ldap_updater.LDAPUpdater_NonUpgrade: ERROR: Unexpected error - see /var/log/ipaupgrade.log for details: AssertionError: ['(', '188.8.131.52.4.1.477184.108.40.206.1'] ....
In the code the AssertionError comes from the fact, that it is not a known_token., which guided me to here:
and this chapter
The FreeIPA project have been assigned its own OID space under the original 389ds OID space. The FreeIPA toplevel OID is: 2.16.840.1.113730.3.8 If you plan to create new attributes and objectclasses please announce that on the development list and ask for assignment, with a full schema description if available. If you haven’t worked out the details of each new object but you know exactly how many you will need, you can get an allotment reserved too.*
With the objectClasses it seems there was no problem, which is a little bit weird. It looks as if those IDs are used already.
As both are FLOSS-projects it should be easy to integrate the Kopano LDAP-schema to FreeIPA or provide an update.