Fedora Linux Support Community & Resources Center
Old 30th November 2009, 11:39 PM
mscag Offline
Registered User
Join Date: Nov 2009
Posts: 13
OpenLDAP::can not add value to 'mail' attribute


After installing F11, I installed OpenLDAP with the command "yum -y install openldap*"
and added the password obtained through the command "slappasswd -s password -h {MD5}" into /etc/openldap/slapd.conf.

Also, I specified the domain information within the file on "suffix" and "rootdn".

I also modified the domain name in both /etc/openldap/ldap.conf and /etc/ldap.conf.

I copied /usr/share/doc/openldap-servers-2.4.15/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG.

Then I started the server with the command /etc/rc.d/init.d/ldap start

I was then able to create and delete OUs and CNs with the help of ldapadd and ldapdelete. I also created PERSON records using the base.ldif file with the content:
dn: cn=user1, ou=domain, dc=example, dc=com
objectClass: person
cn: user1
sn: user1

Everything is OK until I try to add a person with an email address in the "mail" attribute. The error message is:
adding new entry "cn=user1, ou=domain, dc=example, dc=com
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed

This error message also appears with the "uid" attribute.

I have searched some forums and found some suggestions to include the line
"include /etc/openldap/schema/inetorgperson.scheme" in the file /etc/openldap/slapd.conf, which is already in there.

Any suggestions?

Old 1st December 2009, 03:11 AM
scottro Offline
Retired Community Manager -- Banned from Texas by popular demand.
Join Date: Sep 2007
Location: NYC
Posts: 8,129
Yeah, read my page on it, it explains it all. Other suggestion, realize that most LDAP documentation is as bad as most Linux docs.

Seriously. inetorgperson schema should be included already. Look at the lines up at the top of /etc/openldap/slapd.conf. Isn't include inetorgperson schema already there without a # (comment sign) in front of it? If not, uncomment.

Now, mail is an attribute of inetorgperson. (By the way, it's schema, not scheme. Be careful of typos---you'd be amazed how much time you can waste on ldap with typos. Trust me on this.)

So, if you want user1 to have an email address, you'll use

dn: cn=user1,ou=domain,dc=example, dc=com
ObjectClass: inetOrgPerson
cn: user1
sn: user1
mail: user1@example.com

You don't need ObjectClass: person, because, as it's a SUP (parent) of inetOrgPerson, (as you can probably figure out if you delve through the schema), it's implicitly already there. (As is objectclass: top).

My page is at http://home.roadrunner.com/~computertaijutsu/ldap.html

It has a link to a schema browser, at akbk.home (or something similar---ahh, http://ldap.akbkhome.com/index.php)

There you can find objectclasses with lists of their attributes.

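The check behind the "attribute 'mail' not allowed" error in this thread, as an added example that is not part of any post and is not OpenLDAP's code: an entry may only carry attributes listed as MUST or MAY by its object classes and their SUP parents. The SCHEMA table is an abridged, constructed subset of the standard definitions, and check_entry and its non-quoted messages are hypothetical names chosen for illustration.

```python
# Abridged object class table, constructed for this example from the standard
# person / organizationalPerson / inetOrgPerson definitions (MAY lists shortened).
# Each value is (SUP parent, MUST attributes, MAY attributes), names lowercased.
SCHEMA = {
    "top": (None, {"objectclass"}, set()),
    "person": ("top", {"sn", "cn"}, {"userpassword", "telephonenumber", "description"}),
    "organizationalperson": ("person", set(), {"title", "ou", "l", "postaladdress"}),
    "inetorgperson": ("organizationalperson", set(), {"mail", "uid", "givenname", "mobile"}),
}

def parse_ldif(text):
    """Parse one simple LDIF entry into {attr: [values]} with lowercased names."""
    attrs = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def check_entry(text):
    """Return the schema violations for an entry, or [] if it is acceptable."""
    attrs = parse_ldif(text)
    attrs.pop("dn", None)  # the DN names the entry; it is not an attribute
    must, may, problems = set(), set(), []
    for oc in attrs.get("objectclass", []):
        name = oc.lower()
        while name is not None:  # follow the SUP chain up to top
            if name not in SCHEMA:
                problems.append(f"object class '{oc}' is not in the loaded schema")
                break
            sup, oc_must, oc_may = SCHEMA[name]
            must |= oc_must
            may |= oc_may
            name = sup
    present = set(attrs)
    problems += [f"missing required attribute '{a}'" for a in sorted(must - present)]
    problems += [f"attribute '{a}' not allowed" for a in sorted(present - must - may)]
    return problems

# Constructed entries mirroring the two LDIF variants discussed in the thread.
PERSON_ENTRY = """
dn: cn=user1,ou=domain,dc=example,dc=com
objectClass: person
cn: user1
sn: user1
mail: user1@example.com
uid: user1
"""
INETORG_ENTRY = PERSON_ENTRY.replace("objectClass: person", "objectClass: inetOrgPerson")

if __name__ == "__main__":
    print(check_entry(PERSON_ENTRY))
    print(check_entry(INETORG_ENTRY))
```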
Old 12th January 2012, 05:29 PM
Rajat Paliwal Offline
Registered User
Join Date: Jan 2012
Location: Pune
Posts: 1
Re: OpenLDAP::can not add value to 'mail' attribute

You just need to add the proper schema files in your slapd.conf file and then restart the server.

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/pmi.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
include /usr/local/etc/openldap/schema/dyngroup.schema

This is the correct order of inclusion (please update the path as per your configuration).