
I was trying to modify the current ACL rule in OpenLDAP by removing the current rule and updating it with a new one via a new acl.ldif file, using the below command.

ldapmodify -xWD cn=admin,cn=config -f acl.ldif 

But I am getting the below error while executing it.

modifying entry "olcDatabase={1}hdb,cn=config"
ldap_modify: Object class violation (65)
        additional info: attribute 'olcOverlay' not allowed

This is my current olcDatabase file.

dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=test,dc=test1,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="ou=admin,dc=test,dc=test1,dc=com" write by * read
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=test,dc=test1,dc=com" write by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=test,dc=test1,dc=com
olcRootPW:: e1Nb01QN3Mrckk=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: entryCSN,entryUUID eq
structuralObjectClass: olcHdbConfig
entryUUID: 372c8246-a1b5-1031-9131-6b135443c1be
creatorsName: cn=admin,cn=config
createTimestamp: 20121003144902Z
entryCSN: 20121003144902.063840Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20121003144902Z
olcOverlay: syncprov
olcSpCheckPoint: 50 10
olcSpSessionlog: 100

And below is my acl.ldif file.

dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
# Then add a new ACL at position {0}.
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="ou=Users,dc=test,dc=test1,dc=com" write by * read

1 Answer

Your current database config is likely invalid. Unless you've done something atypical to your schema, the use of the olcOverlay attribute is not provided for by any of the objectClasses in your config entry. The error message isn't about what you're trying to do, but instead about what you've already done.

This is a more common sort of structure:

$ ldapsearch -b olcDatabase={1}hdb,cn=config objectClass @olcSyncProvConfig
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig

dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100

dn: olcOverlay={1}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
olcOverlay: {1}memberof

# find /etc/openldap/slapd.d/
/etc/openldap/slapd.d/
/etc/openldap/slapd.d/cn=config
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={0}config
/etc/openldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif
/etc/openldap/slapd.d/cn=config/cn=schema.ldif
/etc/openldap/slapd.d/cn=config/cn=module{0}.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb
/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb/olcOverlay={0}syncprov.ldif
/etc/openldap/slapd.d/cn=config/cn=schema
/etc/openldap/slapd.d/cn=config/cn=schema/cn={7}openssh-lpk.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={8}sudo.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={4}misc.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={6}kerberos.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={5}dhcp.ldif
/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={1}memberof.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
/etc/openldap/slapd.d/cn=config.ldif
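The answer points at the structure rather than the ACL: the three syncprov attributes sit directly on the database entry, so every later modification of that entry is validated against objectClasses that do not allow them. The LDIF below is an added example, not part of the original answer, showing one way to move the overlay into its own child entry and then apply the ACL change from the question. It assumes the config bind DN cn=admin,cn=config from the question, that the database entry still carries exactly the olcOverlay, olcSpCheckPoint and olcSpSessionlog values shown, and that the syncprov module is already loaded (the answer's listing shows a cn=module{0}.ldif).

```ldif
# Added example (not from the original answer). Assumes the entry
# olcDatabase={1}hdb,cn=config still holds the three overlay attributes
# from the question and that the syncprov module is loaded.

# 1. Strip the misplaced overlay attributes from the database entry.
#    Each delete names the attribute only, so all its values are removed;
#    a delete of an attribute that is not present fails with
#    "no such attribute", which is the signal to skip this step.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcOverlay
-
delete: olcSpCheckPoint
-
delete: olcSpSessionlog

# 2. Re-create syncprov as a child entry of the database, which is where
#    olcOverlayConfig/olcSyncProvConfig and the olcSp* attributes belong.
#    The checkpoint and sessionlog values are the question's own.
dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 50 10
olcSpSessionlog: 100

# 3. With the database entry valid again, the ACL change from acl.ldif
#    applies: drop the value at index {0} and add the replacement at {0}.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {0}
-
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="ou=Users,dc=test,dc=test1,dc=com" write by * read
```

Apply it with the same invocation as the question, `ldapmodify -xWD cn=admin,cn=config -f fix.ldif`; ldapmodify stops at the first failing record, so the ACL is only touched once the overlay has been relocated. If slapd rejects even the first modify because the stored entry already violates the schema, the same edit has to be made offline: stop slapd, remove the three olcOverlay/olcSp* lines from olcDatabase={1}hdb.ldif under slapd.d, create an olcOverlay={0}syncprov.ldif beside it in the olcDatabase={1}hdb directory (mirroring the layout in the answer's find output), and check the result with `slaptest -F /etc/openldap/slapd.d` before starting slapd again. Whichever route is taken, a `slapcat -n 0` dump of cn=config before the change is the cheapest rollback point.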
