OpenLDAP::can not add value to 'mail' attribute

mscag · #1 30th November 2009, 10:39 PM

Hello,

After installing F11, I installed OpenLdap with the command "yum -y install openldap*"
And added the password obtained through the command "slappasswd -s password -h {MD5}" into /etc/openldap/slapd.conf.

Also, I specified the domain information within the file on "suffix" and "rootdn".

I also modified the domain name in both /etc/openldap/ldap.conf and /etc/ldap.conf.

I copied the

Copied the /usr/share/doc/openldap-servers-2.4.15/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG.

Then started the server with the command /etc/rc.d/init.d/ldap start

I then was able to create and delete OU's and CN's with the help of ldapadd and ldapdelete. I also created PERSON records using the base.ldif file with the content ;
dn: cn=user1, ou=domain, dc=example, dc=com
objectClass: person
cn: user1
sn: user1

Everything is OK until I try to add a person with an email address in the "mail" attribute. The error message is ;
***************************
adding new entry "cn=user1, ou=domain, dc=example, dc=com
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed
***************************

This error message is appearing also with "uid" attribute.

I have searched some forums and found some suggestions to include the line
"include /etc/openldap/schema/inetorgperson.scheme" in the file /etcopenldap/slapd.conf, which is already in.

Any suggestions ?

Regards.

scottro · #2 1st December 2009, 02:11 AM

Yeah, read my page on it, it explains it all.

Other suggestion, realize that most LDAP documentation is as bad as most Linux docs.

Seriously. inetorgperson schema should be included already Look at the lines up at the top of /etc/openldap/slapd.conf. Isn't include inetorgperson schema already there without a # (comment sign) in front of it? If not, uncomment.

Now, mail is an attribute of inetorgperson. (By the way, it's schema, not scheme. Be careful of typos---you'd be amazed how much time you can waste on ldap with typos. Trust me on this.)

So, if you want user1 to have an email address, you'll use

dn: cn=user1,ou=domain,dc=example, dc=com
ObjectClass: inetOrgPerson
cn: user1
sn: user1
mail: user1@example.com

You don't need ObjectClass: person, because, as it's a SUP (parent) of inetOrgPerson, (as you can probably figure out if you delve through the schema), it's implicitly already there. (As is objectclass: top).

My page is at http://home.roadrunner.com/~computertaijutsu/ldap.html

It has a link to a schema browser, at akbk.home (or something similar---ahh, http://ldap.akbkhome.com/index.php

There you can find objectclasses with lists of their attributes.

HTH.

Rajat Paliwal · #3 12th January 2012, 04:29 PM

You just need to add prper schema file in your slapd.conf file....adn then restart the server

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/pmi.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/dyngroup.schema

This is the correct order of inclusion(please update the path as per your configuration)