
I'm trying to add the 'mail' attribute to users on my OpenLDAP server but somehow it fails. I tried using ldapmodify but I get this:

ldap_modify: Object class violation (65)
additional info: attribute 'mail' not allowed

Here's what my schema looks like:

# LDIF Export for ou=users,dc=mydomain,dc=com
# Server:  (ldap.mydomain.com)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 63

version: 1

# Entry 1: ou=users,dc=mydomain,dc=com
dn: ou=users,dc=mydomain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 2: uid=tom.hanks,ou=users,dc=mydomain,dc=com
dn: uid=tom.hanks,ou=users,dc=mydomain,dc=com
cn: tom.hanks
description: User account
gecos: tom.hanks
gidnumber: 100
homedirectory: /home/tom.hanks
loginshell: /bin/bash
objectclass: account
objectclass: posixAccount
uid: tom.hanks
uidnumber: 1005
userpassword: blahblah
cparfon
  • Hi. I've managed to solve it by adding a new objectClass to all users: extensibleObject which contains the "email" attribute. Thanks. – cparfon Feb 01 '15 at 12:02
  • try to add objectClass inetOrgPerson – DevOps85 Feb 01 '15 at 12:25
  • You should add `iNetOrgPerson` and not the `extensibleObject`. Extensible Object will literally allow you to add any attribute to a directory entry that has it. If you want your objects to be able to have any attribute added to them, even made up ones, then by all means use `extensibleObject`. – Dave Bennett Feb 01 '15 at 14:16

2 Answers


Include objectclass: iNetOrgPerson to add the mail attribute.

Dave Bennett
  • objectclass: iNetOrgPerson and objectclass: account cannot be used at the same time; you'd need to remove the objectclass: account (and just leave objectclass: posixAccount, if you do not necessarily need objectclass: account) – Rudolf Mayer Mar 29 '16 at 13:33
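To show the schema rules behind this answer and Rudolf Mayer's comment, here is an added example that is not from this thread: a small Python model of the checks slapd applies, built from abridged MUST/MAY lists of the standard core, nis and inetorgperson schemas, run against an entry constructed to mirror the question's tom.hanks.

```python
# Added example: a miniature model of slapd's schema checks, built from
# abridged MUST/MAY lists; name -> (superior, kind, MUST, MAY)
SCHEMA = {
    "top": (None, "ABSTRACT", {"objectClass"}, set()),
    "account": ("top", "STRUCTURAL", {"uid"}, {"description", "host"}),
    "posixAccount": ("top", "AUXILIARY",
                     {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
                     {"userPassword", "loginShell", "gecos", "description"}),
    "person": ("top", "STRUCTURAL", {"sn", "cn"},
               {"userPassword", "telephoneNumber", "description"}),
    "organizationalPerson": ("person", "STRUCTURAL", set(), {"title", "ou"}),
    "inetOrgPerson": ("organizationalPerson", "STRUCTURAL", set(),
                      {"mail", "givenName", "displayName", "uid"}),
    "extensibleObject": ("top", "AUXILIARY", set(), set()),
}

def superiors(oc):
    """The class itself followed by every superior up to top."""
    while oc is not None:
        yield oc
        oc = SCHEMA[oc][0]

def check_entry(entry):
    """Return the schema violations for an entry (empty list: entry is valid)."""
    classes = {c for oc in entry["objectClass"] for c in superiors(oc)}
    problems = []
    # Exactly one structural chain: one structural class no other present derives from
    structural = {oc for oc in classes if SCHEMA[oc][1] == "STRUCTURAL"}
    leaves = {oc for oc in structural
              if not any(oc in list(superiors(o))[1:] for o in structural)}
    if len(leaves) != 1:
        problems.append("invalid structural object class chain: "
                        + "/".join(sorted(leaves)))
    must = set().union(*(SCHEMA[oc][2] for oc in classes))
    may = set().union(*(SCHEMA[oc][3] for oc in classes))
    problems += [f"attribute '{a}' required" for a in sorted(must - set(entry))]
    if "extensibleObject" not in classes:  # extensibleObject permits anything
        problems += [f"attribute '{a}' not allowed"
                     for a in sorted(set(entry) - must - may)]
    return problems

# Constructed entry mirroring the question's tom.hanks, plus the wanted 'mail'
POSTED = {"objectClass": ["account", "posixAccount"], "cn": "tom.hanks",
          "uid": "tom.hanks", "uidNumber": "1005", "gidNumber": "100",
          "homeDirectory": "/home/tom.hanks", "loginShell": "/bin/bash",
          "gecos": "tom.hanks", "description": "User account",
          "userPassword": "blahblah", "mail": "tom.hanks@mydomain.com"}

def with_classes(entry, classes, **extra):
    return {**entry, "objectClass": list(classes), **extra}
```

Note that slapd also refuses to change an existing entry's structural class in place (error 69, objectClassModsProhibited), so moving a user from account to inetOrgPerson means deleting and re-adding the entry rather than a single ldapmodify.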

In order to give the user the attribute mail you first have to add the mail attribute to the user's olcObjectClasses.

This can be done by a modification via an ldif like this:

# Custom schema entry under cn=config; replace ordered value {1} of olcObjectClasses
dn: cn={12345}someName,cn=schema,cn=config
changetype: modify
delete: olcObjectClasses
olcObjectClasses: {1}
-
add: olcObjectClasses
olcObjectClasses: {1}( 1.3.6.1.4.1.12344556.1.1.1 NAME 'yourObjectClassEGAccount' DESC 'some description' SUP inetOrgPerson STRUCTURAL MUST ( requiredparam1 $ requiredParam2 $ reqParam3 ) MAY ( optionalParam1 $ optionalParam2 ) )
-

See the documentation for ldapmodify for details: Oracle ldapmodify Doc

The modification is then given to ldap via the following command (command line):

sudo ldapmodify -f filename.ldif

Make sure to read the documentation on whether you need further parameters, e.g. -h for the hostname or -Y for a proxyDN: lmodify Doc

fl0w