
Problems with adding attributes: newbie in trouble

I thought I had this problem solved, but apparently not. I'm trying to add
the attributes uidNumber and gidNumber. When I try to add these attributes,
I get this error:

ldap_modify: Object class violation
additional info: attribute not allowed

I have these attributes listed in my schema. I need to have a way of
distinguishing by group, as my Samba shares will be derived from LDAP by
group. My Kerberos server is functioning, and supplying passwords. My
ldapsearch results and slapd.conf are included below.

Can anyone please point me in the right direction? Am I missing a required
objectClass? Are these attributes deprecated, as I've read somewhere? I'm
using OpenLDAP 2.0.11, included with RedHat 7.2.

I only have two entries, my organization and administrator. These are the
components I've allocated so far, straight from ldapsearch (some
unnecessary, but I'm testing):

# bhbtest,dc=com
dn: dc=bhbtest,dc=com
objectClass: dcObject
objectClass: organization
objectClass: top
o: Blue Heron Biotechnology Inc
dc: bhbtest
description: Blue Heron Test Network

#LDAP Admin,dc=bhbtest,dc=com
dn: cn=LDAP Admin,dc=bhbtest,dc=com
objectClass: organizationalRole
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: uidObject
objectClass: account
objectClass: organizationalPerson
cn: LDAP Admin
sn: Admin
uid: ldapadm
title: LDAP Administrator
ou: People
mail: ldapadm@bhbtest.com
userPassword: (encrypted from my Kerberos server)
givenName: LDAP

Here is my slapd.conf:
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/krb5-kdc.schema
include		/etc/openldap/schema/samba.schema

pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args
schemacheck	on
loglevel	2048
idletimeout	300

TLSCertificateFile 	/etc/openldap/server.pem
TLSCertificateKeyFile 	/etc/openldap/server.pem
sasl-realm			BHBTEST.COM
sasl-host			kerb1.bhbtest.com

database	ldbm
#dbcachenowsync
readonly	off
suffix		"dc=bhbtest,dc=com"
directory		/var/lib/ldap
lastmod		on
rootdn		"cn=LDAP Admin,dc=bhbtest,dc=com"

index	default			pres,eq
index	objectClass,cn,uid	eq
index	mail				eq
index	uidNumber,gidNumber	eq,pres

access to attr=cn,uid,sn,uidNumber,gidNumber,krbName,krb5PrincipalName
	by dn="cn=administrator,dc=bhbtest,dc=com"		write
	by dn="uid=ldapadm.+\+realm=BHBTEST.COM"		write
	by self							write
	by *							none

access to attr=userPassword
	by dn="cn=administrator,dc=bhbtest,dc=com"		write
	by dn="uid=ldapadm.+\+realm=BHBTEST.COM"		write
	by anonymous						auth
	by *							none

access to attr=mail,mailAlternateAddress,mailHost
	by dn="cn=administrator,dc=bhbtest,dc=com"		write
	by dn="uid=ldapadm.+\+realm=BHBTEST.COM"		write
	by users						read
	by *							none

access to attr=mailquota,trustModel,accessTo
	by dn="cn=administrator,dc=bhbtest,dc=com"		write
	by dn="uid=ldapadm.+\+realm=BHBTEST.COM"		write
	by self							read
	by *							none

access to *
	by dn="cn=administrator,dc=bhbtest,dc=com"		write
	by dn="uid=ldapadm.+\+realm=BHBTEST.COM"		write
	by *							read
#
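The "Object class violation / attribute not allowed" result above comes from slapd's schema check: with schemacheck on, every attribute in an entry must be listed as MUST or MAY by one of the entry's objectClasses (or a superior of one of them), and every MUST attribute has to be present. The following is an added example, not code from the post or from OpenLDAP, that models that check in Python. The SCHEMA table is a hand-written subset of the classes in core.schema, inetorgperson.schema and nis.schema (RFC 2256, RFC 2798, RFC 2307) and so is an assumption standing in for the real schema files; the parse_ldif, allowed_attributes and check_entry helpers and the homeDirectory value are likewise the example's own. The entry is the post's "LDAP Admin" entry with a placeholder password and the two attributes the poster was trying to add.

```python
"""Minimal model of the objectClass/attribute check slapd performs with
``schemacheck on``.  Added example, not code from the post or from OpenLDAP.
The SCHEMA table is a hand-written subset of core.schema, inetorgperson.schema
and nis.schema (RFC 2256 / 2798 / 2307), i.e. an assumption, not the
authoritative schema."""

# objectClass -> (superior class, MUST attributes, MAY attributes); names lower-cased
SCHEMA = {
    "top": (None, {"objectclass"}, set()),
    "person": ("top", {"sn", "cn"},
               {"userpassword", "telephonenumber", "seealso", "description"}),
    "organizationalperson": ("person", set(),
                             {"title", "ou", "l", "postaladdress"}),
    "inetorgperson": ("organizationalperson", set(),
                      {"givenname", "mail", "uid", "displayname"}),
    "organizationalrole": ("top", {"cn"}, {"ou", "l", "description", "seealso"}),
    "uidobject": ("top", {"uid"}, set()),
    "account": ("top", {"uid"}, {"description", "seealso", "l", "o", "ou", "host"}),
    # posixAccount (nis.schema) is the class that carries uidNumber / gidNumber
    "posixaccount": ("top", {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
                     {"userpassword", "loginshell", "gecos", "description"}),
}


def parse_ldif(text):
    """Parse one LDIF entry into {attr: [values]} with lower-cased attribute names."""
    entry = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def allowed_attributes(object_classes):
    """Return (must, may) attribute sets for the classes, following superiors."""
    must, may, seen = set(), set(), set()
    stack = [oc.lower() for oc in object_classes]
    while stack:
        oc = stack.pop()
        if oc in seen:
            continue
        seen.add(oc)
        if oc not in SCHEMA:
            raise ValueError(f"unknown objectClass: {oc}")
        superior, oc_must, oc_may = SCHEMA[oc]
        must |= oc_must
        may |= oc_may
        if superior:
            stack.append(superior)
    return must, may


def check_entry(entry):
    """Return the list of schema violations for an entry ([] when it is valid)."""
    must, may = allowed_attributes(entry.get("objectclass", []))
    violations = []
    # "dn" names the entry; it is not an attribute subject to MUST/MAY
    for attr in sorted(entry):
        if attr != "dn" and attr not in must and attr not in may:
            violations.append(f"attribute not allowed: {attr}")
    for attr in sorted(must):
        if attr not in entry:
            violations.append(f"missing required attribute: {attr}")
    return violations


# Constructed from the post's "LDAP Admin" entry plus the two attributes the
# poster tried to add; the password value is a placeholder.
ADMIN_WITH_IDS = parse_ldif("""
dn: cn=LDAP Admin,dc=bhbtest,dc=com
objectClass: organizationalRole
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: uidObject
objectClass: account
objectClass: organizationalPerson
cn: LDAP Admin
sn: Admin
uid: ldapadm
title: LDAP Administrator
ou: People
mail: ldapadm@bhbtest.com
userPassword: {PLACEHOLDER}
givenName: LDAP
uidNumber: 1000
gidNumber: 1000
""")

# Same entry with posixAccount added, which is the class that permits
# uidNumber/gidNumber; posixAccount also requires homeDirectory (assumed value).
ADMIN_POSIX = dict(ADMIN_WITH_IDS)
ADMIN_POSIX["objectclass"] = ADMIN_WITH_IDS["objectclass"] + ["posixAccount"]
ADMIN_POSIX["homedirectory"] = ["/home/ldapadm"]

if __name__ == "__main__":
    print("without posixAccount:", check_entry(ADMIN_WITH_IDS))
    print("with posixAccount:   ", check_entry(ADMIN_POSIX))
```

The model reports every violation at once, whereas a real slapd stops at the first one it finds, so the message in the post does not say which attribute was rejected. To see the loaded definitions rather than this hand-written subset, read the server's subschema subentry (cn=Subschema), which lists the objectClasses and attributeTypes slapd actually accepted from the include lines.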