I forgot to describe the system account that I created. I followed the 
procedure at https://www.freeipa.org/page/HowTo/LDAP#System_Accounts

# LDAPsearch, sysaccounts, etc, ...
dn: uid=LDAPsearch,cn=sysaccounts,cn=etc,dc=...
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: LDAPsearch

What do I need to change to be able to add this account as a member to a given 
role? To avoid this:

modifying entry "cn=A and A,cn=roles,cn=accounts,dc=..."
ldap_modify: Object class violation (65)

George Boyce, SAIC/NICS
GCC Systems Support
NASA GSFC Code 762

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to