Re: OpenLDAP Multiple User Import

Thu, 02 Jan 2014 10:42:08 -0800 

Am Thu, 2 Jan 2014 17:35:33 +0000
schrieb David Barr <[email protected]>:

> I have one file that I need to use to import about 50 people, it
> doesn't like the fact that I have more than one user in the file for
> some reason.  I might have another 200 in the future and need to
> figure out why it isn't working... Help please.
> 
> Is my syntax wrong? Did I place something in the wrong order or
> something more than once that isn't needed.
> 
> I have included two users, all are the same except the actual
> username.
> 
> Help please.
> 
> 
> # USER ENTRY
> dn: cn=New.user01,ou=People,dc=test,dc=com
> uid: NEW.user01
> givenName: NEW.user01
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> userPassword: NEW.user01
> sn: NEW.user01
> ou: People
> cn: NEW.user01
> objectClass: uidObject
> objectClass: pwdPolicy
> pwdAttribute: userPassword
> objectClass: pwdPolicyChecker
> pwdMinAge: 86400
> pwdMaxAge: 7776002
> pwdInHistory: 10
> pwdCheckQuality: 2
> pwdMinLength: 14
> pwdExpireWarning: 432000
> pwdGraceAuthNLimit: 0
> pwdFailureCountInterval: 120
> pwdAllowUserChange: TRUE
> pwdCheckModule: Standard Policy
> pwdLockout: FALSE
> 
> dn: cn=NEW.user02,ou=People,dc=test,dc=com
> uid: NEW.user02
> givenName: NEW.user02
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> userPassword: NEW.user02
> sn: NEW.user02
> ou: People
> cn: NEW.user02
> objectClass: uidObject
> objectClass: pwdPolicy
> pwdAttribute: userPassword
> objectClass: pwdPolicyChecker
> pwdMinAge: 86400
> pwdMaxAge: 7776002
> pwdInHistory: 10
> pwdCheckQuality: 2
> pwdMinLength: 14
> pwdExpireWarning: 432000
> pwdGraceAuthNLimit: 0
> pwdFailureCountInterval: 120
> pwdAllowUserChange: TRUE
> pwdCheckModule: Standard Policy
> pwdLockout: FALSE
> 
> ldapadd -v -d 1 -D "cn=Admin,dc=test,dc=com" -w test -f /tmp/T/.ldif
> 
> adding new entry cn=New.user01,ou=People,dc=test,dc=com
> ldap_add: Type or value exists
> ldap_add: additional info: objectClass: value #1021 provided more
> than once

You should not include password policy attributes in a user entry.
The proper way is to create policy entries and point a user entry to
this policy entry by adding a pwPolicySubentry attribute, see
man slapo-ppolicy(5).

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E

Reply via email to