[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4552) Cannot add a dc=net with a rootdn equivalent account

Full_Name: Ashish Gawarikar
Version: 2.3.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

This seems to be a regression from openldap 2.1.x which was the last one I

Here is the part of slapd.conf:

access to *
        by group/smiAdminGroupOfNames="cn=Directory Site Administrators,ou=SMI
Administrators,dc=admin,dc=local" write stop
        by * break

#rootdn  "cn=Manager"
#rootpw  whatever

suffix          ""


I generally keep the rootdn/rootpw commented. And use the member of the group
Site Administrators to add a new account. A new domain "x.com" can be added if
the dc=com entry pre-exists. If dc=com does not pre-exist I cannot add the x.com
domain using the member of the group Site Administrators.

Here is what I get:

# /usr/local/openldap/bin/ldapadd -Z -H ldap://:389/ -x -c -D
uid=admin,ou=sysAccounts,dc=admin,dc=local -w dmin < /justnet
adding new entry "dc=net"
ldap_add: No such object (32)

dn: dc=net
objectClass: top
objectClass: domain
dc: net

This used to work with openldap 2.0.x and 2.1.x

So I need to add the tld using rootdn/rootpw else I am never able to add any
tlds using the equivalent account. I have disabled the rootdn/rootpw access for
security purposes.