I have an OpenLDAP server on CentOS 7.8 and am trying to get the ppolicy overlay loaded. I'm attempting to load in the module with this command:
ldapmodify -Y EXTERNAL -H ldapi:/// -f ppolicy_load.ldif
and I get this error:
add olcModuleLoad: ppolicy
modifying entry "cn=module{0},cn=config"
ldap_modify: Type or value exists (20)
        additional info: modify/add: olcModuleLoad: value #0 already exists
The contents of ppolicy.ldif:
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy
cn=module{0},cn=config.ldif contents:
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
Can anyone provide guidance on how to get this working? I configured this on test servers that I derived from my main ldap server with no problem.
jalexander@concentricsky.com wrote:
> I have an OpenLDAP server on CentOS 7.8 and am trying to get the ppolicy overlay loaded. I'm attempting to load in the module with this command:
> ldapmodify -Y EXTERNAL -H ldapi:/// -f ppolicy_load.ldif
> and I get this error:
> add olcModuleLoad: ppolicy
> modifying entry "cn=module{0},cn=config"
> ldap_modify: Type or value exists (20)
>         additional info: modify/add: olcModuleLoad: value #0 already exists
> The contents of ppolicy.ldif:
> dn: cn=module{0},cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: ppolicy
> cn=module{0},cn=config.ldif contents:

You're probably looking at the wrong file. In particular, you shouldn't be looking at *any* of these files. What does ldapsearch show you for the cn=module,cn=config entry?

> dn: cn=module{0}
> objectClass: olcModuleList
> cn: module{0}
> olcModulePath: /usr/lib64/openldap
> olcModuleLoad: {0}back_bdb
> olcModuleLoad: {1}syncprov
> Can anyone provide guidance on how to get this working? I configured this on test servers that I derived from my main ldap server with no problem.
Hi Howard,
Well, that is interesting.
[root@ldap3 ~]# ldapsearch -x -b cn=module{0},cn=config -H ldapi:///
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

Would this indicate that LDAP does not think that there are any modules loaded?
slapcat -n 0 | grep olcModuleLoad shows
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
I'm out of my depth on path forward now.
John Alexander
Hi again Howard,
My ldapsearch was wrong. Here is the correct output:
[root@ldap3.concentricsky.com ~]# ldapsearch -Y EXTERNAL -b "cn=module{0},cn=config" -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# module{0}, config
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov
olcModuleLoad: {2}ppolicy

# search result
search: 2
result: 0 Success
So, it appears that ppolicy is loaded.
openldap-technical@openldap.org
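
An added example, not part of the thread and not OpenLDAP's own code: a shell helper that reads the cn=module{0},cn=config entry the way the last message does (SASL EXTERNAL over ldapi) and emits the olcModuleLoad change only when the module is not yet listed, so the add cannot fail with "Type or value exists (20)". The function names are hypothetical and the sample LDIF is constructed from the entries shown in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample LDIF is constructed.

# Print module names from LDIF on stdin, without the {n} ordering prefix
# or a .la/.so suffix, so "{2}ppolicy.la" and "ppolicy" compare equal.
loaded_modules() {
    sed -n 's/^olcModuleLoad: *\([{][0-9]*[}]\)\{0,1\}\([^.]*\).*$/\2/p'
}

# Succeed if module $1 is listed in the LDIF on stdin.
module_loaded() {
    loaded_modules | grep -qxF -- "$1"
}

# Print change LDIF that loads module $1 on entry $2, or print nothing
# if the entry on stdin already lists that module.
module_load_ldif() {
    if module_loaded "$1"; then
        return 0
    fi
    printf 'dn: %s\nchangetype: modify\nadd: olcModuleLoad\nolcModuleLoad: %s\n' "$2" "$1"
}

# Constructed samples: the entry as the on-disk file showed it, and the
# entry as the running server reported it.
SAMPLE_BEFORE='dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov'
SAMPLE_AFTER="$SAMPLE_BEFORE
olcModuleLoad: {2}ppolicy"

# Against a live server (run as root, as in the thread):
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base \
#       -b 'cn=module{0},cn=config' olcModuleLoad |
#     module_load_ldif ppolicy 'cn=module{0},cn=config' |
#     ldapmodify -Q -Y EXTERNAL -H ldapi:///

# Demo on the samples: the first call prints the change, the second nothing.
printf '%s\n' "$SAMPLE_BEFORE" | module_load_ldif ppolicy 'cn=module{0},cn=config'
printf '%s\n' "$SAMPLE_AFTER" | module_load_ldif ppolicy 'cn=module{0},cn=config'
```

The check reads the running configuration rather than the files under slapd.d, and it binds with -Y EXTERNAL because the anonymous -x search in the thread returned "32 No such object" for the same entry.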