Can't add attribute (error 65)



Using the following slapd configuration, I can't add an attribute value to
an existing user:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/ppolicy.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

TLSCipherSuite          HIGH:MEDIUM
TLSCertificateFile      /usr/local/etc/openldap/slapd-cert.pem
TLSCertificateKeyFile   /usr/local/etc/openldap/slapd-key.pem


access          to attrs=userPassword by * auth
access          to * by * read

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
suffix          "dc=psccos,dc=com"
rootdn          "cn=Manager,dc=psccos,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          xxxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq

Below you can see the ldapmodify command that fails, and below that, the
file that contains the modifications:

$ sudo ldapmodify -w cowabunga -D "cn=Manager,dc=psccos,dc=com" -f /home/oreilly/mod.ldif
modifying entry "cn=Renee Walker,ou=people,dc=psccos,dc=com"
ldap_modify: Object class violation (65)
        additional info: attribute 'pwdInHistory' not allowed

$ cat /home/oreilly/mod.ldif
dn: cn=Renee Walker,ou=people,dc=psccos,dc=com
changetype: modify
add: pwdInHistory
pwdInHistory: 6


$

Any idea why this behavior occurs?

------
+-------------------------------+----------------------------------------+
| Dan O'Reilly                  |  "There are 10 types of people in this |
| Principal Engineer            |   world: those who understand binary   |
| Process Software              |   and those who don't."                |
| http://www.process.com        |                                        |
+-------------------------------+----------------------------------------+