Ok,
Trying to add the following:
objectClass: olcGlobal --> this is the objectClass on another server that has SSL already set up.
dn: cn=config
changetype: add
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/CA/cacert.pem
olcTLSCertificateKeyFile: /usr/local/openldap/etc/openldap/CA/private/cakey.pem

adding new entry "cn=config"
ldapmodify: Object class violation (65)
additional info: no objectClass attribute

I've read the various manpages that deal with ldif formats, ldapmodify, ldapadd, etc. and have been googling too.
What am I missing?
Thanks in advance.
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Surveillance Systems Group
244 Wood St
Lexington, MA 02420
Email: john.borresen@ll.mit.edu
--On Tuesday, January 21, 2014 11:38 AM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Ok,
Trying to add the following:
objectClass: olcGlobal --> this is the objectClass on another server that has SSL already set up.
dn: cn=config
changetype: add
Why are you doing an "add" operation on an entry that already exists?
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
I tried both ldapmodify and ldapadd (with a couple of different ldifs). I was trying to "add" an attribute(s) (olcTLSCertificateFile; olcCipherSuite & olcCertificateKeyFile) to the cn=config. No matter what I tried to do, it either returned the error indicated on the original email or it killed the slapd daemon.
In the past, yes I know it is not the correct way, I had to stop slapd, change into the cn=config directory and manually enter what I wanted. Then restart.
-----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Quanah Gibson-Mount Sent: Tuesday, January 21, 2014 12:14 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: Adding attributes to cn=config
--On Tuesday, January 21, 2014 11:38 AM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Ok,
Trying to add the following:
objectClass: olcGlobal --> this is the objectClass on another server that has SSL already set up.
dn: cn=config
changetype: add
Why are you doing an "add" operation on an entry that already exists?
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
--On Tuesday, January 21, 2014 1:39 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
I tried both ldapmodify and ldapadd (with a couple of different ldifs). I was trying to "add" an attribute(s) (olcTLSCertificateFile; olcCipherSuite & olcCertificateKeyFile) to the cn=config. No matter what I tried to do, it either returned the error indicated on the original email or it killed the slapd daemon.
In the past, yes I know it is not the correct way, I had to stop slapd, change into the cn=config directory and manually enter what I wanted. Then restart.
Your syntax is clearly wrong. Again, "changetype: add" is incorrect for modifying an existing entry. You need to use "changetype: modify"
There's a clear example of how to add attributes to an existing entry using "changetype: modify" in http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah's point is that changetype: add is for adding new objects. I'm assuming cn=config already exists. You need to be using changetype: modify to modify or add attributes to an existing object. You need to use the add: operation before each new attribute you're adding. You also need to include a dash on a line by itself between operations on the same record. The object class error is being generated because DN and changetype must be the first 2 elements of a change record. Objectclass must come after changetype. If you are modifying the existing cn=config record then you don't even need to include objectclass.
Here is a partially modified sample of your original ldif that should work using ldapmodify
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/CA/cacert.pem
-Jon C. Kidder American Electric Power Middleware Services Email: jckidder@aep.com Phone: 614-716-4970
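The rules in the reply above (dn and changetype first, modify rather than add for an existing entry, an add: line naming each attribute, a dash between operations) can be checked before a record is handed to ldapmodify. The linter below is an added example, not part of the thread or of OpenLDAP; `lint_change_record`, `entry_exists` and the two sample records are constructed for illustration, and it assumes one record with no folded lines.

```python
MOD_OPS = ("add", "replace", "delete")
def split_line(line):  # 'name: value' -> (lower-cased name, value)
    name, _, value = line.partition(":")
    return name.strip().lower(), value.strip()

def lint_change_record(ldif, entry_exists=True):
    """Return a list of problems in one LDIF change record (no folded lines)."""
    lines = [l.strip() for l in ldif.strip().splitlines() if l.strip()]
    names = [split_line(l)[0] for l in lines]
    problems = []
    if names[:1] != ["dn"]:
        problems.append("first line must be dn:")
    if names[1:2] != ["changetype"]:
        problems.append("second line must be changetype:")
    changetype = dict(map(split_line, lines)).get("changetype", "").lower()
    if changetype == "add" and entry_exists:
        problems.append("changetype: add on an existing entry; use modify")
    if changetype == "modify":
        current = None  # attribute named by the operation currently being read
        for line in lines:
            name, value = split_line(line)
            if line == "-":
                current = None
            elif name in MOD_OPS:
                if current is not None:
                    problems.append(f"missing '-' line before '{line}'")
                current = value.lower()
            elif name not in ("dn", "changetype", current):
                problems.append(f"'{line}' is not inside an operation on that attribute")
    return problems

# Constructed from the thread: the original record (annotation removed) and the corrected one.
ORIGINAL = """\
objectClass: olcGlobal
dn: cn=config
changetype: add
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
"""
CORRECTED = """\
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/CA/cacert.pem
"""
if __name__ == "__main__":
    print(lint_change_record(ORIGINAL), lint_change_record(CORRECTED))
```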
Thanks, my apologies for posting a stupid question.
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Tuesday, January 21, 2014 2:10 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: RE: Adding attributes to cn=config
--On Tuesday, January 21, 2014 1:39 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
I tried both ldapmodify and ldapadd (with a couple of different ldifs). I was trying to "add" an attribute(s) (olcTLSCertificateFile; olcCipherSuite & olcCertificateKeyFile) to the cn=config. No matter what I tried to do, it either returned the error indicated on the original email or it killed the slapd daemon.
In the past, yes I know it is not the correct way, I had to stop slapd, change into the cn=config directory and manually enter what I wanted. Then restart.
Your syntax is clearly wrong. Again, "changetype: add" is incorrect for modifying an existing entry. You need to use "changetype: modify"
There's a clear example of how to add attributes to an existing entry using "changetype: modify" in http://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
--On Tuesday, January 21, 2014 2:58 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Thanks, my apologies for posting a stupid question.
Tsk, I never said it was stupid. But I was trying to point you in the right direction. ;)
--Quanah
--
Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration