I'm trying to add a user to the "wheel" group and I keep getting this error message (removed dc entries to mask my company:
[root#~]# ldapmodify -x -W -D "cn=Manager,dc=XXX,dc=XXX" -f usergroupadd.ldif
Enter LDAP Password:
modifying entry "cn=wheel,ou=groups,dc=XXX,dc=XXX"
ldap_modify: No such object (32)
matched DN: dc=XXX,dc=XXX
Now I'm sure many will wonder if the 'wheel' group even exists, and that answer is yes. Adjusted user names for security purposes.
[root#~]# getent group| grep wheel
wheel:x:10:USER1,USER2,USER3,USER4,USER5,USER6
[root#~]#
And lastly my ldif file with the usergroup add appears to be correct:
[root#~]# cat usergroupadd.ldif
dn: cn=wheel,ou=groups,dc=XXX,dc=XXX
changetype: modify
add: memberuid
memberuid: USER7
So my question is, what is causing the No such object (32) error?
Thanks,
Related
I created an OpenLDAP server on Ubuntu 22.04, and created users but forgot to add them to a organizational unit (ou). How can I associate them all to an ou now ?
The actual server looks like this:
dn=company
ou=Users
uid=user1
uid=user2
uid=user3
...
What I would like is:
dn=company
ou=Users
uid=user1
uid=user2
uid=user3
...
Concretely, I would like to go from this:
uid=user1,dc=example,dc=fr
to this:
uid=user1,ou=Users,dc=example,dc=fr
Adding an ou attribute to the entry is one thing, moving the entry in the DIT is another thing. For the latter, you need to use the newsuperior directive.
Using ldapmodify -f with changetype: (modrdn|moddn) :
dn: uid=user1,dc=example,dc=fr
changetype: modrdn
# rdn unchanged
newrdn: uid=user1
# deletes old entry
deleteoldrdn: 1
# adds to Users hierarchy
newsuperior: ou=Users,dc=example,dc=com
Using ldapmodrdn -r -s <newsuperior> <dn> <newrdn> :
ldapmodrdn -r -s "ou=Users,dc=example,dc=com" "uid=user1,dc=example,dc=fr" "uid=user1"
Actually I just found an answer on my own.
I simply did a LDIF file modify.ldif:
dn: uid=user1,dc=example,dc=fr
changetype: modify
add: ou
ou: Users
And then ldapmodify -x -D cn=admin,dc=example,dc=fr -W -f ./modify.ldif
I have the following entry in LDAP directory:
dn: ou=Users,dc=itau,dc=co
objectClass: organizationalUnit
ou: Users
Unfortunately, I forgot to add the gid attribute. Because of this, I had created the following LDIF file called "modify.ldif":
dn: ou=Users,dc=itau,dc=co
changetype: modify
add: gid
gid: 20000
But when I run the command
ldapmodify -x -D "cn=admin,dc=itau,dc=co" -w <PASSWORD> -H ldap:// -f modify.ldif
I get the error:
ldap_modify: Undefined attribute type (17)
additional info: gid: attribute type undefined
It's important to say that I had checked for blank spaces at the end of each line, but this error didn't desappear.
Why I'm getting this error?.
Thank you.
I am trying to add a new attribute to the OpenLDAP schema
# cat /etc/ldap/pwdResetAttribAdd.ldif
dn: cn={3}inetorgperson,cn=schema,cn=config
add: olcAttributeTypes
##
## The new attribute type
##
olcAttributetypes: ( 1.3.6.1.4.1.42.2.27.8.1.22
NAME 'pwdReset'
DESC 'The indication that the password has been reset'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
USAGE directoryOperation )
The command I am using to add is as under
ldapmodify -D "cn=admin,dc=test" -w somePass -h localhost -p 389 -f /etc/ldap/pwdResetAttribAdd.ldif
However, it fails with below error
modifying entry "cn={3}inetorgperson,cn=schema,cn=config" ldap_modify: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: "1.3.6.1.4.1.42.2.27.8.1.22" is operational
Where am I wrong ?
You don't need to do this. Just add ppolicy.schema to the schemas being loaded, and the ppolicy overlay to the overlays, and all the appropriate ppolicy attributes will appear.
NB pwdReset and its friends that live in user entries are operational attributes and are commented out in this schema, but the ppolicy overlay causes them to be known anyway.
I have created 4 new attributes on cn=schema and also created a new objectclass with the 4 attributes set as MUST.
I tried to add the objectclass to existing entry which obviously return an error because those 4 new attributes are not setup for the ldap entry.
I created an ldif file and ran ldapmodify but get object violation error. Can anyone tellme whats causing this error and if I'm missing anything.
ldif
#ldapmodify.bat -h localhost -p 1389 -D "cn=Directory Manager" -w xxxxx -a -f entry.ldif
dn: uid=user.0,ou=People,dc=example,dc=com
changetype: modify
add: disabledFlag
disabledFlag: n
-
add: passwordData
passwordData:< file:/C:\\oud\\asinst_1\\OUD\\bat\\images.png
-
add: anonymousID
anonymousID: nah
-
add: challengeResponse
challengeResponse: nah
Error after executing the command.
Processing MODIFY request for uid=user.0,ou=People,dc=example,dc=com
MODIFY operation failed
Result Code: 65 (Object Class Violation)
Additional Information: Entry uid=user.0,ou=People,dc=example,dc=com cannot not be modified because the resulting entry would have violated the server schema: Entry uid=user.0,ou=People,dc=example,dc=com violates the Directory Server schema configuration because it includes attribute anonymousID which is not allowed by any of the objectclasses defined in that entry
LDAP installed is OUD 11gR2.
Finally able to solve the question myself.
This is what I did
Changed STRUCTURAL to ABSTRACT for the objectclass since there can be only one STRUCTURAL and updated objectclass to have MAY attributes instead of MUST.
used ldap port instead of admin port in the ldap modify command.
I still couldn't figure out why cant objectclass be created with MUST ? Is this chicken and egg kind of problem?
I'm trying to setup an LDIF file which shall add a new attribute value to an existing node. The attribute is a mandatory attribute of custom objectclass.
Here is the contents of the LDIF file 'add.ldif':
dn: cn=hna,cn=Users,DC=lan,DC=test,DC=de
changetype: modify
add: objectclass
objectclass: MyCustomObjectClass
-
add: myCustomAttribute
myCustomAttribute: someValue
-
Problem: when I try add that to the LDAP server using
ldapmodify -h ... -D ... -w ... -x -f add.ldif
I get the error message
ldap_modify: Objectclass violation (65)
additional info: 00002014: objectclass_attrs: attribute 'myCustomAttribute'
on entry 'cn=hna,cn=Users,DC=lan,DC=test,DC=de' does not exist in the
specified objectclasses
When I leave out the 'add' of 'myCustomAtribute' then of course then I get:
ldap_modify: Objectclass violation (65)
additional info: 00002014: objectclass_attrs: at least one mandatory attribute
('myCustomAttribute') on entry 'cn=hna,cn=Users,DC=lan,DC=test,DC=de'
wasn't specified!
Any idea what is wrong with my approach?
ldapmodify is the one from OpenLDAP; the server is a Samba V4 LDAP.
This should work:
dn: cn=hna,cn=Users,DC=lan,DC=test,DC=de
changetype: modify
add: objectclass
objectclass: MyCustomObjectClass
add: myCustomAttribute
myCustomAttribute: someValue
There MUST be an empty line after the last line.
The "-" is only needed if you want to perform separate modify operations and have them be atomic. (ie all work or all fail).
As adding the objectclass requires MUST attributes must happen in the same modification.
By the way I have noticed that some ldapmodify programs do not handle these properly.
-jim