Quanah's point is that changetype: add is for adding new objects.  I'm assuming 
cn=config already exists.  You need to be using changetype: modify to modify or 
add attributes to an existing object.  You need to use the add: operation 
before each new attribute you're adding.  You also need to include a dash on a 
line by itself between operations on the same record. The object class error is 
being generated because DN and changetype must be the first 2 elements of a 
change record.  Objectclass must come after changetype.  If you are modifying 
the existing cn=config record then you don't even need to include objectclass.

Here is a partially modified sample of your original ldif that should work 
using ldapmodify:

dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/CA/cacert.pem

-Jon C. Kidder
American Electric Power
Middleware Services
Email: [email protected]
Phone: 614-716-4970
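
The rules stated in the reply above (dn first, changetype second, modify rather than add for an entry that already exists, an add:/replace:/delete: line before each attribute, a dash between operations) written as a small checker. This is an added example, not part of the original message or of OpenLDAP; it assumes a single change record with no folded lines, and lint_change_record, entry_exists and the sample constants are hypothetical names.

```python
# Added example: checks one LDIF change record against the rules in the reply.
# Assumptions: one record, no folded (continuation) lines; names are hypothetical.
MOD_OPS = ("add", "replace", "delete")

def lint_change_record(text, entry_exists=True):
    """Return the rule violations found in one LDIF change record."""
    rows = []
    for raw in text.strip().splitlines():
        if not raw.strip():
            break                      # a blank line ends the record
        key, _, value = raw.partition(":")
        rows.append((key.strip().lower(), value.strip()))
    problems = []
    if not rows or rows[0][0] != "dn":
        problems.append("dn must be the first line")
    if len(rows) < 2 or rows[1][0] != "changetype":
        problems.append("changetype must be the second line")
        return problems
    changetype = rows[1][1].lower()
    if changetype == "add" and entry_exists:
        problems.append("changetype: add creates an entry; use modify on an existing one")
    if changetype != "modify":
        return problems
    current = None                     # attribute named by the open directive
    for key, value in rows[2:]:
        if key == "-":                 # separator closes the current operation
            current = None
        elif key in MOD_OPS:
            if current is not None:
                problems.append(f"missing '-' line before '{key}: {value}'")
            current = value.lower()
        elif current is None:
            problems.append(f"'{key}' has no add:/replace:/delete: line before it")
        elif key != current:
            problems.append(f"'{key}' does not belong to the '{current}' operation")
    return problems

# Constructed inputs: the fragment quoted in the thread, and the corrected record.
ORIGINAL = "objectClass: olcGlobal\ndn: cn=config\nchangetype: add\n"
FIXED = """dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /usr/local/openldap/etc/openldap/CA/cacert.pem
"""
for name, record in (("original", ORIGINAL), ("fixed", FIXED)):
    print(name, lint_change_record(record) or "ok")
```
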

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Borresen, John - 
0442 - MITLL
Sent: Tuesday, January 21, 2014 1:39 PM
To: [email protected]
Subject: RE: Adding attributes to cn=config

I tried both ldapmodify and ldapadd (with a couple of different ldifs).  I was 
trying to "add" an attribute(s) (olcTLSCertificateFile; olcCipherSuite & 
olcCertificateKeyFile) to the cn=config.  No matter what I tried to do, it 
either returned the error indicated on the original email or it killed the 
slapd daemon.

In the past, yes I know it is not the correct way, I had to stop slapd, change 
into the cn=config directory and manually enter what I wanted.  Then restart.  


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Quanah 
Gibson-Mount
Sent: Tuesday, January 21, 2014 12:14 PM
To: Borresen, John - 0442 - MITLL; [email protected]
Subject: Re: Adding attributes to cn=config

--On Tuesday, January 21, 2014 11:38 AM -0500 "Borresen, John - 0442 - MITLL" 
<[email protected]> wrote:

> Ok,
>
> Trying to add the following:
>
> objectClass: olcGlobal  --> this is the objectClass on another server 
> that has SSL already set up.
> dn: cn=config
> changetype: add


Why are you doing an "add" operation on an entry that already exists?

--Quanah




--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration


