Originally posted by: svenson

I am facing the following error when adding sudo related attributeTypes and objectclasses to the IBM Directory Server.

Operation 0 modifying entry cn=schema
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: GLPSCH025E SUBSTR matching rule 'caseExactIA5SubstringsMatch' not found when processing attribute type 'sudoUser'.

Is there a way around this - or am I doing things the wrong way? 

Thanks,
Svenni

sudo.ldif:
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.15953.9.1.1
    NAME 'sudoUser'
    DESC 'User(s) who may  run sudo'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# idsldapmodify -h localhost -D xxx -w xxx -i sudo.ldif
Operation 0 modifying entry cn=schema
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: GLPSCH025E SUBSTR matching rule 'caseExactIA5SubstringsMatch' not found when processing attribute type 'sudoUser'.

Originally posted by: AyappanP

You are using IBM Directory server. And the SUBSTR rule is not valid for IBM Directory server.

https://www.ibm.com/support/knowledgecenter/en/SSVJJU_6.2.0/com.ibm.IBMDS.doc/admin_gd77.htm

Originally posted by: svenson

I belive SUBSTR is valid in the IDS - but the problem is the caseExactIA5SubstringsMatch matching rule. IDS only supports caseIgnoreIA5SubstringsMatch.

I was hoping it was possible to convert the OpenLDAP schema to IDS schema.

Originally posted by: AyappanP

Correct. By "the SUBSTR rule" , i meant about "caseExactIA5SubstringsMatch" only.

" SUBSTR caseExactIA5SubstringsMatch "