I forgot to describe the system account that I created. I followed the procedure at https://www.freeipa.org/page/HowTo/LDAP#System_Accounts
# LDAPsearch, sysaccounts, etc, ... dn: uid=LDAPsearch,cn=sysaccounts,cn=etc,dc=... objectClass: account objectClass: simplesecurityobject objectClass: top uid: LDAPsearch What do I need to change to be able to add this account as a member to a given role? To avoid this: modifying entry "cn=A and A,cn=roles,cn=accounts,dc=..." ldap_modify: Object class violation (65) George Boyce, SAIC/NICS GCC Systems Support NASA GSFC Code 762
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
