I'm trying to set up an LDIF file which shall add a new attribute value to an existing node. The attribute is a mandatory attribute of a custom objectclass.
Here is the contents of the LDIF file 'add.ldif':
dn: cn=hna,cn=Users,DC=lan,DC=test,DC=de
changetype: modify
add: objectclass
objectclass: MyCustomObjectClass
-
add: myCustomAttribute
myCustomAttribute: someValue
-
Problem: when I try to add that to the LDAP server using
ldapmodify -h ... -D ... -w ... -x -f add.ldif
I get the error message
ldap_modify: Objectclass violation (65)
additional info: 00002014: objectclass_attrs: attribute 'myCustomAttribute'
on entry 'cn=hna,cn=Users,DC=lan,DC=test,DC=de' does not exist in the
specified objectclasses
When I leave out the 'add' of 'myCustomAttribute', then of course I get:
ldap_modify: Objectclass violation (65)
additional info: 00002014: objectclass_attrs: at least one mandatory attribute
('myCustomAttribute') on entry 'cn=hna,cn=Users,DC=lan,DC=test,DC=de'
wasn't specified!
Any idea what is wrong with my approach?
ldapmodify is the one from OpenLDAP; the server is a Samba V4 LDAP.
This should work:
dn: cn=hna,cn=Users,DC=lan,DC=test,DC=de
changetype: modify
add: objectclass
objectclass: MyCustomObjectClass
add: myCustomAttribute
myCustomAttribute: someValue
There MUST be an empty line after the last line.
The "-" is only needed if you want to perform separate modify operations and have them be atomic (i.e. all work or all fail).
Adding the objectclass and the MUST attributes it requires must happen in the same modification.
By the way I have noticed that some ldapmodify programs do not handle these properly.
-jim
I have the following entry in LDAP directory:
dn: ou=Users,dc=itau,dc=co
objectClass: organizationalUnit
ou: Users
Unfortunately, I forgot to add the gid attribute. Because of this, I created the following LDIF file called "modify.ldif":
dn: ou=Users,dc=itau,dc=co
changetype: modify
add: gid
gid: 20000
But when I run the command
ldapmodify -x -D "cn=admin,dc=itau,dc=co" -w <PASSWORD> -H ldap:// -f modify.ldif
I get the error:
ldap_modify: Undefined attribute type (17)
additional info: gid: attribute type undefined
It's important to say that I checked for blank spaces at the end of each line, but this error didn't disappear.
Why am I getting this error?
Thank you.
I'm trying to add a user to the "wheel" group and I keep getting this error message (removed dc entries to mask my company):
[root#~]# ldapmodify -x -W -D "cn=Manager,dc=XXX,dc=XXX" -f usergroupadd.ldif
Enter LDAP Password:
modifying entry "cn=wheel,ou=groups,dc=XXX,dc=XXX"
ldap_modify: No such object (32)
matched DN: dc=XXX,dc=XXX
Now I'm sure many will wonder if the 'wheel' group even exists, and that answer is yes. Adjusted user names for security purposes.
[root#~]# getent group| grep wheel
wheel:x:10:USER1,USER2,USER3,USER4,USER5,USER6
[root#~]#
And lastly my ldif file with the usergroup add appears to be correct:
[root#~]# cat usergroupadd.ldif
dn: cn=wheel,ou=groups,dc=XXX,dc=XXX
changetype: modify
add: memberuid
memberuid: USER7
So my question is, what is causing the No such object (32) error?
Thanks,
I'd like to write an ldapmodify command and pass in an ldif file to move computers to a new OU. This means I need to change the DNs.
Example:
CN=joesworkstation,OU=training,OU=computers,DC=my,DC=domain,DC=com
to
CN=joesworkstation,OU=laptops,DC=my,DC=domain,DC=com
The ldif man page shows how to rename a CN for a user, but not how to change a DN for a computer. Based on their example though, this is my guess at the ldif file format:
dn: CN=joesworkstation,OU=training,OU=computers,DC=my,DC=domain,DC=com
changetype: modify
replace: dn
dn: CN=joesworkstation,OU=laptops,DC=my,DC=domain,DC=com
deleteoldrdn: 1
Is this the most correct way to do this?
Depending on the LDAP server implementation, the LDIF should be something like:
dn: CN=joesworkstation,OU=training,OU=computers,DC=my,DC=domain,DC=com
changetype: moddn
newrdn: joesworkstation
newsuperior: OU=laptops,DC=my,DC=domain,DC=com
# remove old RDN entry
deleteoldrdn: 1
There could be restraints on such activities.
Perform due diligence.
There may be better methods for Microsoft Active Directory.
-jim
I was able to get a solution to work finally today.
To update the DN of computer objects I used the following LDIF formatted file:
dn: CN=joesworkstation,OU=training,OU=computers,DC=my,DC=domain,DC=com
changetype: moddn
newrdn: joesworkstation
deleteoldrdn: 1
newsuperior: OU=laptops,DC=my,DC=domain,DC=com
This worked quite well and kept all the values of the attributes of the computer object intact as well.
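A check of a moddn record against the fields RFC 2849 requires (newrdn and deleteoldrdn, with an optional newsuperior), computing the DN the entry ends up with; this is an added example, not code from either answer, and the record it uses is constructed to mirror the one above.

```python
# Added example: validate a 'changetype: moddn' record as RFC 2849 defines it and compute
# the DN the entry will carry afterwards. RECORD below is constructed for this demonstration.
def parse_moddn(ldif):
    """Return {key: value} for a single-record LDIF (keys lower-cased, comments skipped)."""
    fields = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            key, _, val = line.partition(":")
            fields[key.strip().lower()] = val.strip()
    return fields

def moddn_result(ldif):
    """Validate the record and return (new_dn, delete_old_rdn) as the server would apply it."""
    f = parse_moddn(ldif)
    if f.get("changetype") not in ("moddn", "modrdn"):
        raise ValueError("not a moddn/modrdn record (a 'replace: dn' modify cannot move an entry)")
    for required in ("dn", "newrdn", "deleteoldrdn"):      # RFC 2849 mandatory fields
        if required not in f:
            raise ValueError(f"moddn record requires '{required}'")
    old_parent = f["dn"].split(",", 1)[1]       # naive split: fine for DNs without escaped commas
    parent = f.get("newsuperior", old_parent)   # newsuperior moves the entry; otherwise a rename
    return f"{f['newrdn']},{parent}", f["deleteoldrdn"] == "1"

RECORD = """dn: CN=joesworkstation,OU=training,OU=computers,DC=my,DC=domain,DC=com
changetype: moddn
newrdn: CN=joesworkstation
deleteoldrdn: 1
newsuperior: OU=laptops,DC=my,DC=domain,DC=com
"""

if __name__ == "__main__":
    print(moddn_result(RECORD))
```

RFC 2849's own example writes newrdn as a full RDN (newrdn: cn=Paula Jensen); a bare value as in the answer above depends on the server accepting it.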
I am trying to add a new attribute to the OpenLDAP schema
# cat /etc/ldap/pwdResetAttribAdd.ldif
dn: cn={3}inetorgperson,cn=schema,cn=config
add: olcAttributeTypes
##
## The new attribute type
##
olcAttributetypes: ( 1.3.6.1.4.1.42.2.27.8.1.22
 NAME 'pwdReset'
 DESC 'The indication that the password has been reset'
 EQUALITY booleanMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
 SINGLE-VALUE
 USAGE directoryOperation )
The command I am using to add it is as follows:
ldapmodify -D "cn=admin,dc=test" -w somePass -h localhost -p 389 -f /etc/ldap/pwdResetAttribAdd.ldif
However, it fails with the error below:
modifying entry "cn={3}inetorgperson,cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: "1.3.6.1.4.1.42.2.27.8.1.22" is operational
Where am I wrong?
You don't need to do this. Just add ppolicy.schema to the schemas being loaded, and the ppolicy overlay to the overlays, and all the appropriate ppolicy attributes will appear.
NB pwdReset and its friends that live in user entries are operational attributes and are commented out in this schema, but the ppolicy overlay causes them to be known anyway.
I have created 4 new attributes on cn=schema and also created a new objectclass with the 4 attributes set as MUST.
I tried to add the objectclass to an existing entry, which obviously returns an error because those 4 new attributes are not set up for the LDAP entry.
I created an ldif file and ran ldapmodify but get an object class violation error. Can anyone tell me what's causing this error and if I'm missing anything?
ldif
#ldapmodify.bat -h localhost -p 1389 -D "cn=Directory Manager" -w xxxxx -a -f entry.ldif
dn: uid=user.0,ou=People,dc=example,dc=com
changetype: modify
add: disabledFlag
disabledFlag: n
-
add: passwordData
passwordData:< file:/C:\\oud\\asinst_1\\OUD\\bat\\images.png
-
add: anonymousID
anonymousID: nah
-
add: challengeResponse
challengeResponse: nah
Error after executing the command.
Processing MODIFY request for uid=user.0,ou=People,dc=example,dc=com
MODIFY operation failed
Result Code: 65 (Object Class Violation)
Additional Information: Entry uid=user.0,ou=People,dc=example,dc=com cannot not be modified because the resulting entry would have violated the server schema: Entry uid=user.0,ou=People,dc=example,dc=com violates the Directory Server schema configuration because it includes attribute anonymousID which is not allowed by any of the objectclasses defined in that entry
LDAP installed is OUD 11gR2.
Finally I was able to solve the question myself.
This is what I did:
Changed STRUCTURAL to ABSTRACT for the objectclass, since there can be only one STRUCTURAL, and updated the objectclass to have MAY attributes instead of MUST.
Used the LDAP port instead of the admin port in the ldapmodify command.
I still couldn't figure out why an objectclass can't be created with MUST. Is this a chicken-and-egg kind of problem?
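A model of the schema check behind the objectclass violations in the first and last questions on this page, added here as an example and not taken from any post: it parses an RFC 2849 modify record (mod-specs separated by "-", continuation lines folded as in the schema LDIF above) and checks the resulting entry the way RFC 4512 requires. The schema table, the starting entry and the records are constructed for the demonstration.

```python
# Added example: parse an RFC 2849 modify record and model the server's schema check on the
# resulting entry (RFC 4512: attributes must be allowed by some objectclass, MUSTs present).
def parse_modify(ldif):
    """Parse one 'changetype: modify' record into (dn, [(op, attr, [values]), ...])."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:     # continuation line: fold into the previous line
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    dn, mods, cur = None, [], None
    for line in lines:
        if line == "-":                       # "-" terminates one mod-spec
            cur = None
            continue
        key, _, val = line.partition(":")
        key, val = key.strip().lower(), val.strip()
        if key == "dn":
            dn = val
        elif key in ("add", "replace", "delete"):
            cur = (key, val, [])
            mods.append(cur)
        elif cur and key == cur[1].lower():
            cur[2].append(val)                # value line for the current mod-spec
    return dn, mods

# Constructed schema: objectclass -> (MUST, MAY), lower-cased; and a constructed starting entry.
SCHEMA = {"top": ({"objectclass"}, set()), "person": ({"cn"}, {"description"}),
          "mycustomobjectclass": ({"mycustomattribute"}, set())}
ENTRY = {"objectClass": ["top", "person"], "cn": ["hna"]}

def schema_violations(entry, mods, schema=SCHEMA):
    """Apply mods to a copy of entry, then report what a post-modify schema check rejects."""
    new = {k.lower(): list(v) for k, v in entry.items()}
    for op, attr, values in mods:
        a = attr.lower()
        if op == "add":
            new.setdefault(a, []).extend(values)
        elif op == "replace":
            new[a] = list(values)
        elif op == "delete":                  # no values given = remove the whole attribute
            new[a] = [v for v in new.get(a, []) if values and v not in values]
    new = {k: v for k, v in new.items() if v}
    classes = [oc.lower() for oc in new.get("objectclass", [])]
    empty = (set(), set())
    must = set().union(*(schema.get(oc, empty)[0] for oc in classes))
    allowed = must | set().union(*(schema.get(oc, empty)[1] for oc in classes))
    problems = [f"attribute '{a}' not allowed by any objectclass" for a in new if a not in allowed]
    problems += [f"mandatory attribute '{a}' missing" for a in must if a not in new]
    return sorted(problems)
```

Fed the combined record from the first question, the model reports nothing, while the objectclass-only and attribute-only halves each reproduce one of the two error texts quoted there; a real server adds its own rules on top, so this model does not explain why Samba rejected the combined record.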