what does the ldapadd error: "additional info: objectClass: value #3 invalid per syntax mean?

openldap ldif

Solution 1:

It's not a bad password, i.e. Invalid credentials (49).

It is Invalid syntax (21). Specifically, in the case of objectClass, you're trying to use an objectClass that doesn't exist (olcPPolicyConfig).

OpenLDAP counts multi-attribute values, of which objectClass is one, starting at 0. Which means your ldapadd looks like:

value#0: top  
value#1: olcConfig  
value#2: olcOverlayConfig  
value#3: olcPPolicyConfig

The olcPPolicyConfig objectClass is provided by the libtool library ppolicy.la, which generally needs to be loaded as a module. The same goes for memberOf and most other overlays.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: ppolicy.la

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: memberof.la
EOF

Your module path may differ, the above the the correct path for CentOS7.

Related

raid controller data transfer rate
How to fix the Logjam vulnerability in OpenVPN server config?
How to optimize Apache speed for serving static content?
Changing login-formats for Linux and Active Directory
IIS FTP Not Working Remotely Windows Server 2012 R2
Change different domain account without being admin Windows
ESX 5.5 Maximum File Size
Can Event ID 4013 be ignored if it only shows up once?
Is there a valid stability argument against NFS?
SSL Cert for one domain and multiple IPs
How to remove RC4 cipher from node.js https server running on Windows 2012 R2
Windows Terminal Server printer selection dialog delayed in Microsoft Office