openldap add mail attribute to users

Asked 1/2, 2015 at 11:26 Answered 26/10, 2016 at 10:54

I'm trying to add 'mail' attribute to users on my openldap server but somehow it fails. I tried using ldapmodify but I get this:

ldap_modify: Object class violation (65)
additional info: attribute 'mail' not allowed

Here's how my schema looks like:

# LDIF Export for ou=users,dc=mydomain,dc=com
# Server:  (ldap.mydomain.com)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 63

version: 1

# Entry 1: ou=users,dc=mydomain,dc=com
dn: ou=users,dc=mydomain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 2: uid=tom.hanks,ou=users,dc=mydomain,dc=com
dn: uid=tom.hanks,ou=users,dc=mydomain,dc=com
cn: tom.hanks
description: User account
gecos: tom.hanks
gidnumber: 100
homedirectory: /home/tom.hanks
loginshell: /bin/bash
objectclass: account
objectclass: posixAccount
uid: tom.hanks
uidnumber: 1005
userpassword: blahblah

Pacification answered 1/2, 2015 at 11:26 Comment(3)

Hi. I've managed to solve it by adding a new objectClass to all users: extensibleObject which contains the "email" attribute. Thanks. – Pacification 1/2, 2015 at 12:2

try to add objectClass inetOrgPerson – Cocke 1/2, 2015 at 12:25

You should add iNetOrgPerson and not the entensibleObject. Extensible Object will literally allow you to add any attribute to a directory entry that has it. If you want your objects to be able to have any attribute added to them, even made up ones, then by all means use extensibleObject. – Ironlike 1/2, 2015 at 14:16

Include objectclass: iNetOrgPerson to add the mail attribute.

Ironlike answered 1/2, 2015 at 14:26 Comment(1)

objectclass:iNetOrgPerson and objectclass: account can not be ussed at the same time; you'd need to remove the objectclass: account (and just leave objectclass: posixAccount, if you do not necessarily need objectclass: account) – Stylus 29/3, 2016 at 13:33

In order to give the user the Attribute mail you first have to add the mail attribute to the user's olcObjectClasses.

This can be done by a modification via an ldif like this:

dn: cn={12345}someName,cn=schema,cn=config
changetype: modify
delete: olcObjectClasses
olcObjectClasses: {1}
-
add: olcObjectClasses
olcObjectClasses: {1}( 1.3.6.1.4.1.12344556.1.1.1 NAME 'yourObjectClassEGAccount' DESC 'some description' SUP inetOrgPerson STRUCTURAL MUST ( requiredparam1 $ requiredParam2 $ reqParam3 ) MAY ( optionalParam1 $ optionalParam2 ) ) )
-

See the documentation for ldapmodify for details: Oracle ldapmodify Doc

The modification is then given to ldap via the following command (command line):

sudo ldapmodify -f filename.ldif

make sure to read the documentation on whether you need further parameters like eg. -h for hostname or -Y for a proxyDN: lmodify Doc

Barsac answered 26/10, 2016 at 10:54 Comment(0)

Recommended topics

Hot tags