
Re: OpenLDAP Multiple User Import



On Thu, 2 Jan 2014 17:35:33 +0000
David Barr <David.Barr2@mclaneat.com> wrote:

> I have one file that I need to use to import about 50 people, it
> doesn't like the fact that I have more than one user in the file for
> some reason.  I might have another 200 in the future and need to
> figure out why it isn't working... Help please.
> 
> Is my syntax wrong? Did I place something in the wrong order or
> something more than once that isn't needed.
> 
> I have included two users, all are the same except the actual
> username.
> 
> Help please.
> 
> 
> # USER ENTRY
> dn: cn=New.user01,ou=People,dc=test,dc=com
> uid: NEW.user01
> givenName: NEW.user01
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> userPassword: NEW.user01
> sn: NEW.user01
> ou: People
> cn: NEW.user01
> objectClass: uidObject
> objectClass: pwdPolicy
> pwdAttribute: userPassword
> objectClass: pwdPolicyChecker
> pwdMinAge: 86400
> pwdMaxAge: 7776002
> pwdInHistory: 10
> pwdCheckQuality: 2
> pwdMinLength: 14
> pwdExpireWarning: 432000
> pwdGraceAuthNLimit: 0
> pwdFailureCountInterval: 120
> pwdAllowUserChange: TRUE
> pwdCheckModule: Standard Policy
> pwdLockout: FALSE
> 
> dn: cn=NEW.user02,ou=People,dc=test,dc=com
> uid: NEW.user02
> givenName: NEW.user02
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> userPassword: NEW.user02
> sn: NEW.user02
> ou: People
> cn: NEW.user02
> objectClass: uidObject
> objectClass: pwdPolicy
> pwdAttribute: userPassword
> objectClass: pwdPolicyChecker
> pwdMinAge: 86400
> pwdMaxAge: 7776002
> pwdInHistory: 10
> pwdCheckQuality: 2
> pwdMinLength: 14
> pwdExpireWarning: 432000
> pwdGraceAuthNLimit: 0
> pwdFailureCountInterval: 120
> pwdAllowUserChange: TRUE
> pwdCheckModule: Standard Policy
> pwdLockout: FALSE
> 
> ldapadd -v -d 1 -D "cn=Admin,dc=test,dc=com" -w test -f /tmp/T/.ldif
> 
> adding new entry cn=New.user01,ou=People,dc=test,dc=com
> ldap_add: Type or value exists
> ldap_add: additional info: objectClass: value #1021 provided more
> than once

You should not include password policy attributes in a user entry.
The proper way is to create policy entries and point a user entry to
this policy entry by adding a pwPolicySubentry attribute, see
man slapo-ppolicy(5).

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
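
The layout the reply describes, as an added example that is not part of the original thread: one policy entry carrying the pwd* values from the question, and user entries that only point at it. The `ou=Policies` container, the `cn=default` policy name and the password placeholders are assumptions, the ppolicy overlay and its schema are assumed to be loaded, and the reference attribute is spelled `pwdPolicySubentry` in slapo-ppolicy(5).

```ldif
# Container for policy entries (assumed name, not from the thread)
dn: ou=Policies,dc=test,dc=com
objectClass: organizationalUnit
ou: Policies

# One shared policy entry; values copied from the question (cn=default is assumed)
dn: cn=default,ou=Policies,dc=test,dc=com
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdMinAge: 86400
pwdMaxAge: 7776002
pwdInHistory: 10
pwdCheckQuality: 2
pwdMinLength: 14
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 120
pwdAllowUserChange: TRUE
pwdLockout: FALSE

# User entries carry no pwd* policy attributes, only the pointer to the policy
dn: cn=NEW.user01,ou=People,dc=test,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: NEW.user01
sn: NEW.user01
givenName: NEW.user01
uid: NEW.user01
ou: People
userPassword: REPLACE-WITH-INITIAL-SECRET-01
pwdPolicySubentry: cn=default,ou=Policies,dc=test,dc=com

dn: cn=NEW.user02,ou=People,dc=test,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: NEW.user02
sn: NEW.user02
givenName: NEW.user02
uid: NEW.user02
ou: People
userPassword: REPLACE-WITH-INITIAL-SECRET-02
pwdPolicySubentry: cn=default,ou=Policies,dc=test,dc=com
```

If the overlay's `ppolicy_default` setting names this policy entry, the per-user `pwdPolicySubentry` lines can be dropped. `pwdCheckModule` is left out because it has to name a loadable module file and the thread does not give one.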