Openldap – unrecognized objectClass ‘olcOverlayConfig’

openldap

I want to configure my ppolicy overlay, and when I try to add the following configuration with ldapadd, slapd returns

objectClass: value #0 invalid per syntax

dn: olcOverlay=ppolicy,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: olcPpolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=domain,dc=tld
olcPPolicyUseLockout: TRUE
olcPPolicyHashCleartext: TRUE

Also, when I try with slapadd, I get

(65) unrecognized objectClass 'olcOverlayConfig'

But this objectClass is present in my schema:

ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=schema,cn=config" -s base | grep olcOverlayConfig

olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overlay
onfiguration' SUP olcOverlayConfig STRUCTURAL MUST olcAccessLogDB MAY ( olcAc
figuration' SUP olcOverlayConfig STRUCTURAL MAY olcAuditlogFile )
overlay configuration' SUP olcOverlayConfig STRUCTURAL MAY olcConstraintAttr
ation' SUP olcOverlayConfig STRUCTURAL MAY ( olcMemberOfDN $ olcMemberOfDangl
cy configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcPPolicyDefault $ o

I don't understand this error..

Best Answer

I solved my problem. I was on Fedora 28 Server and the version of openldap was 2.4.46-1. I thought that, considering the objectClass used, it was provided by a hardcoded schema, so I upgraded my server to Fedora 29, which has version 2.4.46-9.

I saved the /etc/openldap/slapd.d folder as well as the database files located in /var/lib/ldap, then I deleted those files. Of course, the slapd daemon was stopped.

I rebuilt everything from my slapd.ldif with slapadd -n 0 -F /etc/openldap/slapd.d -f slapd.ldif, where slapd.ldif already contains the ppolicy.la module and the LDIF schema.
Then I started the service and typed the command ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicy_config.ldif, and this time the command performed well.

I did not identify the root cause of my problem; perhaps I am missing something (but I do not see what) or there is a bug in the openldap-servers package from the Fedora 28 repository.
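An added example, not part of the original answer and not a diagnosis of the poster's case: a pre-flight check that unfolds wrapped `ldapsearch` schema output (the `grep` in the question matched fragments of folded lines) and compares each `objectClass` value in an entry against the class names actually defined. The function names and the sample schema and entry strings are constructed for illustration.

```python
import re

def unfold(text):
    """Join LDIF continuation lines: per RFC 2849 a line starting with one space continues the previous one."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out

def defined_classes(schema_ldif):
    """Lower-cased NAMEs of every objectClass found in cn=schema,cn=config search output."""
    names = set()
    for line in unfold(schema_ldif):
        attr, _, value = line.partition(":")
        if attr.lower() != "olcobjectclasses":
            continue
        m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", value)
        if m:
            found = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
            names.update(n.lower() for n in found)
    return names

def preflight(entry_ldif, schema_ldif):
    """Return (value, problem) pairs for objectClass values that match no defined class."""
    known = defined_classes(schema_ldif)
    problems = []
    for line in unfold(entry_ldif):
        attr, _, value = line.partition(":")
        if attr.lower() != "objectclass":
            continue
        value = value.lstrip(" ")
        if value != value.rstrip():
            problems.append((value, "trailing whitespace is part of the value"))
        elif value.lower() not in known:  # class names compare case-insensitively
            problems.append((value, "not defined in the running schema"))
    return problems

# Constructed sample data: abbreviated definitions, folded mid-name the way ldapsearch wraps lines.
BASE = ("olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' ABSTRACT SUP top )\n"
        "olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayCon\n fig' SUP olcConfig STRUCTURAL MUST olcOverlay )\n")
PPOLICY = "olcObjectClasses: ( OLcfgOvOc:12.1 NAME 'olcPPolicyCon\n fig' SUP olcOverlayConfig STRUCTURAL )\n"
ENTRY = "objectClass: olcOverlayConfig \nobjectClass: olcConfig\nobjectClass: olcPpolicyConfig\n"

if __name__ == "__main__":
    print(preflight(ENTRY, BASE))  # schema without the ppolicy class, entry with a trailing space
```

On a live server the schema text would come from the question's `ldapsearch` command without the `grep`; adding `-o ldif-wrap=no` to that command disables the folding at the source.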
