
Re: invalid syntax on pwdPolicy object add



On Monday, 13 September 2010 09:30:14 Julien Vehent wrote:
> I have created the OU 'policies' just fine, but when I try to add a
> pwdPolicy object, I get the following error:
> 

(The <<EOF isn't necessary: if you don't specify an input file, ldapadd etc.
will use stdin by default; just use CTRL-D to terminate the input in place of
the EOF.)

> ----
> # ldapadd -x -D cn=admin,dc=example,dc=net -W << EOF
> dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net
> objectClass: pwdPolicy
> objectClass: top
> pwdAttribute: userPassword
> pwdAllowUserChange: TRUE
> pwdInHistory: 2
> pwdMaxFailure: 10
> pwdLockout: TRUE
> pwdLockoutDuration: 1800
> pwdMinLength: 6
> EOF
> Enter LDAP Password:
> adding new entry "cn=defaultpwpolicy,ou=policies,dc=example,dc=net"
> ldap_add: Invalid syntax (21)
>         additional info: objectClass: value #0 invalid per syntax
> ----

Are you sure that you don't have any invalid characters on the:
objectClass: pwdPolicy
line? For example, trailing white space is often a cause of this problem. You
may want to use an LDIF file, and attach it to any reply (as trailing space is
easily missed if copying/pasting text into the stdin of ldapadd and/or email
client).

(Your LDIF above does still need a suitable structural objectclass, but it is
not the cause of the error message above.)

Regards,
Buchan
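
An added example, not part of the original message: a small Python check that scans an LDIF for the invisible characters the reply suspects (trailing whitespace, or non-ASCII bytes such as a pasted non-breaking space) before the file is given to ldapadd. The function name and the sample entry are constructed for illustration.

```python
import re

# Constructed sample: the entry from the post, with a trailing space after
# "pwdPolicy" and a non-breaking space (U+00A0, bytes C2 A0) after "top".
SAMPLE_LDIF = (
    b"dn: cn=defaultpwpolicy,ou=policies,dc=example,dc=net\n"
    b"objectClass: pwdPolicy \n"
    b"objectClass: top\xc2\xa0\n"
    b"pwdAttribute: userPassword\n"
    b"pwdMinLength: 6\n"
)

# attribute description, then "::" (base64), ":<" (URL) or ":" (plain value)
ATTR_LINE = re.compile(rb"^([A-Za-z0-9][A-Za-z0-9;.-]*)(::|:<|:)[ ]*(.*)$")

def find_suspect_values(ldif_bytes):
    """Return (line_number, attribute, problem) for plain values that carry
    trailing whitespace or bytes outside printable ASCII."""
    findings = []
    attr, skip_value = "", True
    for number, raw in enumerate(ldif_bytes.split(b"\n"), start=1):
        line = raw[:-1] if raw.endswith(b"\r") else raw  # CRLF is a legal separator
        if not line:
            continue
        if line.startswith(b"#"):
            skip_value = True            # also skips a folded comment
            continue
        if line.startswith(b" "):
            value = line[1:]             # folded continuation of the previous line
        else:
            match = ATTR_LINE.match(line)
            if match is None:
                skip_value = True        # "-" separators etc. are out of scope here
                continue
            attr = match.group(1).decode("ascii")
            skip_value = match.group(2) != b":"   # encoded values are deliberate
            value = match.group(3)
        if skip_value:
            continue
        if value != value.rstrip(b" \t"):
            findings.append((number, attr, "trailing whitespace"))
        if any(b > 0x7E or b < 0x20 and b != 0x09 for b in value):
            # RFC 2849 expects such values to be base64-encoded ("attr:: ...")
            findings.append((number, attr, "non-printable or non-ASCII byte"))
    return findings

if __name__ == "__main__":
    for number, attr, problem in find_suspect_values(SAMPLE_LDIF):
        print(f"line {number}: {attr}: {problem}")
```
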