Hello all,
An example user in my LDAP structure is like:
dn: cn=Full Name,ou=Users,dc=mydomain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: top
givenName: Full
sn: Name
cn: Full Name
uid: fname
userPassword: {MD5}HNtFsPRLE3okNNjVm6lmpw==
uidNumber: 1004
gidNumber: 100
homeDirectory: /home/fname
loginShell: /bin/bash
mail: fname@mydomain.com
This user is under the IT group, where I want to give him access to add new entries into OpenLDAP. I'm connecting to the LDAP server with his details via phpldapadmin and trying to create a new user, but I'm getting the following error:
Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION) Description: Some constraint would be violated by performing the action. This can happen when you try to add a second value to a single-valued attribute, for example.
My ACLs on the master LDAP server are:
access to attrs=userPassword,shadowLastChange
    by dn="cn=admin,dc=mydomain,dc=com" write
    by dn="uid=syncrepl,ou=system,dc=mydomain,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write
    by dn="uid=authenticate,ou=system,dc=mydomain,dc=com" read
    by anonymous auth
    by self write
    by * none

access to attrs=givenName,sn,cn
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write
    by self write
    by users auth
    by anonymous auth

access to dn.base=""
    by * read

access to *
    by dn="cn=admin,dc=mydomain,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=mydomain,dc=com" write
    by * read
I'm also using the unique overlay in this file for the attributes uid, mail and uidNumber, in case this has anything to do with it.
Any help is much appreciated.
Thanks
Stelios A. wrote:
Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION) Description: Some constraint would be violated by performing the action. This can happen when you try to add a second value to a single-valued attribute, for example.
You should provide more information about what exactly you did causing this error message to appear. Server logs? Debug log?
Do you have slapo-constraint configured somewhere in your slapd.conf?
My ACLs on the master LDAP server are:
Unlikely this is caused by insufficient access rights.
Ciao, Michael.
Hi Michael,
I'm getting the error while I'm trying to add a new user via phpldapadmin with the credentials of the user who belongs to the IT group, where that group has write access to the LDAP. The only constraints that I have in my slapd.conf are:
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100

overlay unique
unique_base dc=bca,dc=edu,dc=gr
unique_attributes uid mail uidNumber
Thanks
Stelios A. wrote:
2008/8/22 Michael Ströder michael@stroeder.com:
Stelios A. wrote:
Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION) Description: Some constraint would be violated by performing the action. This can happen when you try to add a second value to a single-valued attribute, for example.
You should provide more information about what exactly you did causing this error message to appear. Server logs? Debug log?
Do you have slapo-constraint configured somewhere in your slapd.conf?
My ACLs on the master LDAP server are:
Unlikely this is caused by insufficient access rights.
I'm getting the error while I'm trying to add a new user via phpldapadmin with the credentials of the user who belongs to the IT group, where that group has write access to the LDAP.
As I said I doubt it has anything to do with access control.
The only constraints that I have in my slapd.conf are: [..]
overlay unique
unique_base dc=bca,dc=edu,dc=gr
unique_attributes uid mail uidNumber
Maybe you should talk to the phpldapadmin people about how they ensure uniqueness of these attributes. Or even better, ask them how to turn on a debug log to track down the issue by looking at the particular operation sent.
Ciao, Michael.
openldap-technical@openldap.org
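
As an added example (not part of the thread and not OpenLDAP or phpldapadmin code), the following offline check approximates what the unique overlay configured above enforces: an add is rejected with 0x13 when a value of uid, mail or uidNumber already exists on another entry under unique_base. The base DN dc=mydomain,dc=com, the sample entries and the simple case-insensitive comparison are assumptions made for illustration.

```python
# Added example: offline approximation of the slapo-unique check (simplified).
UNIQUE_BASE = "dc=mydomain,dc=com"           # assumed base for this sketch
UNIQUE_ATTRS = ("uid", "mail", "uidNumber")  # from the thread's unique_attributes

# Constructed sample directory contents (no base64 values, no folded lines).
EXISTING_LDIF = """\
dn: cn=Full Name,ou=Users,dc=mydomain,dc=com
uid: fname
mail: fname@mydomain.com
uidNumber: 1004

dn: cn=Other User,ou=Users,dc=mydomain,dc=com
uid: ouser
mail: ouser@mydomain.com
uidNumber: 1005
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of (dn, {lowercased attr: [values]})."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def in_scope(dn, base=UNIQUE_BASE):
    """True if dn is the base or below it (ignores escaped commas in RDNs)."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    d, b = norm(dn), norm(base)
    return d == b or d.endswith("," + b)

def find_collisions(candidate_ldif, existing_ldif=EXISTING_LDIF):
    """Return [(attr, value, conflicting_dn)] that would trigger error 0x13."""
    new_dn, new_attrs = parse_ldif(candidate_ldif)[0]
    if not in_scope(new_dn):
        return []  # entries outside unique_base are not checked
    hits = []
    for dn, attrs in parse_ldif(existing_ldif):
        if not in_scope(dn):
            continue
        for attr in UNIQUE_ATTRS:
            have = {v.lower() for v in attrs.get(attr.lower(), [])}
            hits += [(attr, v, dn) for v in new_attrs.get(attr.lower(), [])
                     if v.lower() in have]
    return hits
```

Running the entry a client is about to send through `find_collisions` before the add shows which attribute value is already taken, which the generic 0x13 text does not say.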