Hello,
I'm migrating from an old OpenLDAP 2.3.30 to a 2.4.21 running on an Ubuntu server, so I'm new to the cn=config database.
The problem I have is that I want to create a user under cn=config, so I could configure the server without providing the password for cn=config (I want to restrict the IPs from which that user could be used).
So I'm trying to add an entry like:
dn: cn=myuser,cn=config
changetype: add
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: myuser
userPassword: mypassword
but I'm getting the error:
Object class violation (65).
In the server's log I get:
Sep 27 12:52:04 canis10 slapd[10564]: conn=1018 op=2 ADD dn="cn=myuser,cn=config "
Sep 27 12:52:04 canis10 slapd[10564]: slap_queue_csn: queing 0x7f47bc1d8f10 20100927105204.422891Z#000000#001#000000
Sep 27 12:52:04 canis10 slapd[10564]: conn=1018 op=2 RESULT tag=105 err=65 text=
I have tried to add it with the server running in debug mode, and then I get:
dnPrettyNormal: <cn=myuser,cn=config>
=> ldap_bv2dn(cn=myuser,cn=config,0)
<= ldap_bv2dn(cn=myuser,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=myuser,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=myuser,cn=config)=0
<<< dnPrettyNormal: <cn=myuser,cn=config>, <cn=myuser,cn=config>
conn=1002 op=2 ADD dn="cn=myuser,cn=config"
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
=> access_allowed: add access to "cn=myuser,cn=config" "entry" requested
<= root access granted
=> access_allowed: add access granted by manage(=mwrscxd)
<= acl_access_allowed: granted to database root
oc_check_required entry (cn=myuser,cn=config), objectClass "organizationalRole"
oc_check_required entry (cn=myuser,cn=config), objectClass "simpleSecurityObject"
oc_check_allowed type "objectClass"
oc_check_allowed type "cn"
oc_check_allowed type "userPassword"
oc_check_allowed type "structuralObjectClass"
=> access_allowed: add access to "cn=config" "children" requested
<= root access granted
=> access_allowed: add access granted by manage(=mwrscxd)
conn=1002 op=2: config_add_internal: DN="cn=myuser,cn=config" no structural objectClass in configuration table
but organizationalRole is a structural object class. I have tried with other object classes like person or inetOrgPerson, but I get the same result.
Could anybody help me?