I replaced ou with cn, tried loading the ldif and got this message:
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f passwordPolicy.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=policies,dc=*****,dc=*****"
ldap_add: Insufficient access (50)
additional info: no write access to parent
Thank you, Liz
From: Michael Ströder <michael@stroeder.com>
Date: Thursday, September 24, 2015 at 11:12 AM
To: Elizabeth Real Chavez <Elizabeth.Real@jpl.nasa.gov>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Allow users to change ldap password with passwd

Real, Elizabeth (392K) wrote:
This is the passwordPolicy.ldif:

dn: ou=policies,dc=*****,dc=*****
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: policies
sn: policies

If that is what you want to use you cannot use ou for forming the RDN.
Simply use instead

dn: cn=policies,dc=*****,dc=*****

to match your entry.
Ciao, Michael.