Well, pre-2.4.9 versions would reject the Add operation... Is it 2.4.10 built from the OpenLDAP source, or some prepackaged binary?
I built RPMs from the source, without any patches:
DB: ../dist/configure \ --enable-shared \ --disable-static \ --program-prefix=slapd \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libexecdir=/usr/sbin \ --datadir=/var/lib \ --sysconfdir=/etc \ --localstatedir=/var/lib \ --libdir=/usr/lib \ --includedir=/usr/include \ --mandir=/usr/share/man \ --disable-posixmutexes \ --with-mutex=x86/gcc-assembly \
OL: ./configure \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libexecdir=/usr/sbin \ --datadir=/var/lib \ --sysconfdir=/etc \ --localstatedir=/var/lib \ --libdir=/usr/lib \ --includedir=/usr/include \ --mandir=/usr/share/man \ --enable-backends=mod \ --enable-cleartext \ --enable-crypt \ --enable-ipv6 \ --enable-ldap \ --enable-local \ --enable-modules \ --enable-overlays=mod \ --enable-slapd \ --enable-rewrite \ --enable-syslog \ --with-tls \ --with-threads \
Maybe an overlay or something interferes with auto-adding the naming attrs? Please post your slapd.conf too, after removing passwords etc.
My sanitized slapd.conf:
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/corba.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/java.schema include /etc/openldap/schema/krb5-kdc.schema include /etc/openldap/schema/kerberosobject.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/autofs.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/kolab.schema include /etc/openldap/schema/evolutionperson.schema include /etc/openldap/schema/calendar.schema include /etc/openldap/schema/sudo.schema include /etc/openldap/schema/dnszone.schema include /etc/openldap/schema/dhcp.schema include /etc/openldap/schema/postfix-mail.schema
access to dn.exact="" by * read
access to dn.subtree="cn=Subschema" by * read
access to dn.subtree="ou=people,dc=openldap,dc=example,dc=com" by group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com" read by peername.ip=10.12.31.6 anonymous read by peername.ip=10.12.31.7 anonymous read
access to dn.subtree="ou=vmail,dc=openldap,dc=example,dc=com" by group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com" read by peername.ip=10.12.31.6 anonymous read by peername.ip=10.12.31.7 anonymous read
access to dn.subtree="ou=idmap,dc=openldap,dc=example,dc=com" by group="cn=idmap admins,ou=group,dc=openldap,dc=example,dc=com" write by group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com" read by users read by * auth
access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com" read by anonymous auth by * none
access to * by group="cn=admins,ou=group,dc=openldap,dc=example,dc=com" write by group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com" read by self read by anonymous auth
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
#sizelimit unlimited #timelimit unlimited
modulepath /usr/sbin/openldap moduleload ppolicy.la moduleload syncprov.la moduleload back_bdb.la moduleload back_monitor.la
TLSRandFile /dev/random TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/pki/tls/certs/server01.crt TLSCertificateKeyFile /etc/pki/tls/private/server01.key TLSCACertificateFile /etc/pki/tls/certs/domain-server01.crt
security ssf=128
loglevel 256
database config rootdn cn=config rootpw secret
#serverid 1 ldap://server03.example.com #serverid 2 ldap://server01.example.com
#syncrepl rid=001 # provider=ldap://server01.example.com # binddn="cn=config" # bindmethod=simple # credentials=secret # searchbase="cn=config" # type=refreshAndPersist # starttls=yes # tls_reqcert=never # retry="5 5 300 5" # timeout=5
#syncrepl rid=002 # provider=ldap://server03.example.com # binddn="cn=config" # bindmethod=simple # credentials=secret # searchbase="cn=config" # type=refreshAndPersist # starttls=yes # tls_reqcert=never # retry="5 5 300 5" # timeout=5
#mirrormode true
#overlay syncprov #syncprov-checkpoint 100 10 #syncprov-sessionlog 100
database monitor rootdn cn=monitor rootpw secret
database bdb suffix "dc=openldap,dc=example,dc=com" rootdn "cn=manager,dc=openldap,dc=example,dc=com" rootpw secret directory /var/lib/ldap
serverid 3 ldap://server01.example.com serverid 4 ldap://server03.example.com
cachesize 10000 checkpoint 256 5
syncrepl rid=003 provider=ldap://server01.example.com binddn="uid=replicator,ou=service-accounts,dc=openldap,dc=example,dc=com" bindmethod=simple credentials=secret searchbase="dc=openldap,dc=example,dc=com" type=refreshAndPersist starttls=yes tls_reqcert=never interval=00:00:00:10 retry="5 5 300 5" timeout=5
syncrepl rid=004 provider=ldap://server03.example.com binddn="uid=replicator,ou=service-accounts,dc=openldap,dc=example,dc=com" bindmethod=simple credentials=secret searchbase="dc=openldap,dc=example,dc=com" type=refreshAndPersist starttls=yes tls_reqcert=never interval=00:00:00:10 retry="5 5 300 5" timeout=5
mirrormode true
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
index objectClass eq index cn,mail,surname,givenname eq,subinitial index uidNumber,gidNumber,memberuid,member,uniqueMember eq index uid eq,subinitial index sambaSID,sambaDomainName,displayName eq index entryCSN,entryUUID eq index mailid eq
limits group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com" size=unlimited time=unlimited
Thanks!
-
joshuaï¼ itsecureadmin.com