Using the following slapd configuration, I can't add an attribute value to an existing user:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/ppolicy.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile /usr/local/etc/openldap/slapd-cert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/slapd-key.pem

access to attrs=userPassword
  by * auth
access to *
  by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=psccos,dc=com"
rootdn "cn=Manager,dc=psccos,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw xxxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
Below you can see the ldapmodify command that fails, and below that, the file that contains the modifications:
$ sudo ldapmodify -w cowabunga -D "cn=Manager,dc=psccos,dc=com" -f /home/oreilly/mod.ldif
modifying entry "cn=Renee Walker,ou=people,dc=psccos,dc=com"
ldap_modify: Object class violation (65)
        additional info: attribute 'pwdInHistory' not allowed

$ cat /home/oreilly/mod.ldif
dn: cn=Renee Walker,ou=people,dc=psccos,dc=com
changetype: modify
add: pwdInHistory
pwdInHistory: 6

$
Any idea why this behavior occurs?
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly                  | "There are 10 types of people in this  |
| Principal Engineer            | world: those who understand binary     |
| Process Software              | and those who don't."                  |
| http://www.process.com        |                                        |
+-------------------------------+----------------------------------------+
--On Tuesday, June 08, 2010 3:17 PM -0600 Dan OReilly <dano@process.com> wrote:

> Any idea why this behavior occurs?
Sounds to me like the entry doesn't have the objectClass that allows that attribute to be added.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
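The schema check behind that "Object class violation", as an added example (not from this thread or from slapd's own code): it unions the MUST and MAY lists up each objectClass's SUP chain and reports which class would permit the attribute. The schema text and the entry are constructed and abbreviated; the pwdPolicy definition follows ppolicy.schema with its MAY list trimmed.

```python
import re
# Constructed, abbreviated objectClass definitions in slapd schema syntax; pwdPolicy
# follows ppolicy.schema (MAY list trimmed), the others core.schema/inetorgperson.schema.
SCHEMA_TEXT = """
objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid ) )
objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST ( pwdAttribute ) MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory ) )
"""
OC_RE = re.compile(r"objectclass\s*\(\s*\S+\s+NAME\s+'([^']+)'(.*)\)\s*$", re.I)

def _attr_list(body, keyword):
    # MUST/MAY take a single name or a '$'-separated list in parentheses
    m = re.search(r"\b" + keyword + r"\s+(?:\(\s*([^)]*)\)|(\w+))", body)
    raw = "" if not m else (m.group(1) if m.group(1) is not None else m.group(2))
    return [a.strip().lower() for a in raw.split("$") if a.strip()]

def parse_schema(text):
    """Map lower-cased objectClass name -> (display name, superior, own MUST+MAY)."""
    classes = {}
    for line in text.strip().splitlines():
        m = OC_RE.match(line.strip())
        if m:
            name, body = m.groups()
            sup = re.search(r"\bSUP\s+(\w+)", body)
            attrs = set(_attr_list(body, "MUST") + _attr_list(body, "MAY"))
            classes[name.lower()] = (name, sup.group(1).lower() if sup else None, attrs)
    return classes

def allowed_attributes(classes, object_classes):  # MUST+MAY over every SUP chain
    allowed = set()
    for oc in object_classes:
        name = oc.lower()
        while name:                      # climb e.g. inetOrgPerson -> ... -> top
            if name not in classes:
                raise ValueError(f"unknown objectClass {oc!r}")
            _, name, attrs = classes[name]
            allowed |= attrs
    return allowed

def check_add(classes, entry, attr):
    """None if attr fits the entry's objectClasses, else the slapd-style reason."""
    ok = attr.lower() in allowed_attributes(classes, entry["objectClass"])
    return None if ok else f"attribute '{attr}' not allowed"

def classes_allowing(classes, attr):   # which objectClass would permit attr
    return sorted(n for n, _, attrs in classes.values() if attr.lower() in attrs)

RENEE = {"objectClass": ["inetOrgPerson"], "cn": ["Renee Walker"], "sn": ["Walker"]}  # constructed
```

Run against RENEE, check_add reproduces the "attribute 'pwdInHistory' not allowed" diagnostic and classes_allowing points at pwdPolicy; in a real deployment the policy attributes normally live in a separate pwdPolicy entry that the ppolicy overlay applies to users, rather than on the user entry itself.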
openldap-technical@openldap.org