Re: OpenLDAP Multiple User Import

Am Thu, 2 Jan 2014 17:35:33 +0000 schrieb David Barr David.Barr2@mclaneat.com:

I have one file that I need to use to import about 50 people, it doesn't like the fact that I have more than one user in the file for some reason. I might have another 200 in the future and need to figure out why it isn't working... Help please.

Is my syntax wrong? Did I place something in the wrong order or something more than once that isn't needed.

I have included two users, all are the same except the actual username.

Help please.

# USER ENTRY dn: cn=New.user01,ou=People,dc=test,dc=com uid: NEW.user01 givenName: NEW.user01 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson userPassword: NEW.user01 sn: NEW.user01 ou: People cn: NEW.user01 objectClass: uidObject objectClass: pwdPolicy pwdAttribute: userPassword objectClass: pwdPolicyChecker pwdMinAge: 86400 pwdMaxAge: 7776002 pwdInHistory: 10 pwdCheckQuality: 2 pwdMinLength: 14 pwdExpireWarning: 432000 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 120 pwdAllowUserChange: TRUE pwdCheckModule: Standard Policy pwdLockout: FALSE

dn: cn=NEW.user02,ou=People,dc=test,dc=com uid: NEW.user02 givenName: NEW.user02 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson userPassword: NEW.user02 sn: NEW.user02 ou: People cn: NEW.user02 objectClass: uidObject objectClass: pwdPolicy pwdAttribute: userPassword objectClass: pwdPolicyChecker pwdMinAge: 86400 pwdMaxAge: 7776002 pwdInHistory: 10 pwdCheckQuality: 2 pwdMinLength: 14 pwdExpireWarning: 432000 pwdGraceAuthNLimit: 0 pwdFailureCountInterval: 120 pwdAllowUserChange: TRUE pwdCheckModule: Standard Policy pwdLockout: FALSE

ldapadd -v -d 1 -D "cn=Admin,dc=test,dc=com" -w test -f /tmp/T/.ldif

adding new entry cn=New.user01,ou=People,dc=test,dc=com ldap_add: Type or value exists ldap_add: additional info: objectClass: value #1021 provided more than once

You should not include password policy attributes in a user entry. The proper way is to create policy entries and point a user entry to this policy entry by adding a pwPolicySubentry attribute, see man slapo-ppolicy(5).

-Dieter