Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
1758 views

ldapmodify error 601

Hi all,

I'm developing a web interface with PHP and LDAP to manage eDirectory and Active Directory in a common project.

I'm able to add a user (with password) with PHP/LDAP in eDirectory, but, when I try to change password (with ldap_modify or ldap_mod_replace), return a "Modify: No such attribute".

Using ldapmodify to test, got:

ldap_modify: No such object (32)
additional info: NDS error: no such entry (-601)

ldapsearch query results ok.

Example:

#ldapsearch -D "CN=adminfoo,o=tree" -w foopass -p 389 -h 192.168.1.1 -b "O=tree" "cn=foobar"

# extended LDIF
#
# LDAPv3
# base <O=tree> with scope subtree
# filter: cn=foobar
# requesting: ALL
#


dn: cn=foobar,O=tree
userAccountControl: 512
sAMAccountName: foobar

and all other proprieties of the object.

# search result
search: 2
result: 0 Success

The ldif:

dn: cn=foobar,o=tree
changetype: modify
delete: userPassword
userPassword: oldpassword
add: userpassword
userPassword: newpassword

#ldapmodify -x -h 10.4.2.20 -D "CN=fooadmin,o=tree" -w adminpass -f edir.ldif

ldap_modify: No such object (32)
additional info: NDS error: no such entry (-601)


Any idea?

Thanks in advance.

Silveira Neto

Silveira Neto, CLE/CNI
Labels (2)
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Your LDIF is invalid syntactically. Here's a valid example:


dn: cn=foobar,o=tree
changetype: modify
delete: userPassword
userPassword: oldpassword
-
add: userpassword
userPassword: newpassword


Also, be sure that you are not actually putting your tree name in for the
organization unless the two happen to be the same. The root-level of an
eDirectory tree, the T object, is not ways the same as the top-level
container within the tree (often an Organization). I mention this because
you put the string 'tree' in there, which to me implies the tree name,
perhaps without considering that the tree is not the parent of the user as
it almost certainly is not.

Also, your examples are either for different directories or are both
targeted at microsoft active directory (MAD). If the former, your test is
invalid. If the latter, you're asking in a Novell forum about a microsoft
product and while my comment about the LDIF's validity is still correct,
it is not an eDirectory issue.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Absent Member.
Absent Member.

I was doing to many things at the same time, and didn't realize the wrong syntex.

Thank you.

ab;2328384 wrote:
Your LDIF is invalid syntactically. Here's a valid example:


dn: cn=foobar,o=tree
changetype: modify
delete: userPassword
userPassword: oldpassword
-
add: userpassword
userPassword: newpassword


Also, be sure that you are not actually putting your tree name in for the
organization unless the two happen to be the same. The root-level of an
eDirectory tree, the T object, is not ways the same as the top-level
container within the tree (often an Organization). I mention this because
you put the string 'tree' in there, which to me implies the tree name,
perhaps without considering that the tree is not the parent of the user as
it almost certainly is not.

Also, your examples are either for different directories or are both
targeted at microsoft active directory (MAD). If the former, your test is
invalid. If the latter, you're asking in a Novell forum about a microsoft
product and while my comment about the LDIF's validity is still correct,
it is not an eDirectory issue.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Silveira Neto, CLE/CNI
0 Likes
Absent Member.
Absent Member.

On Thu, 07 Aug 2014 21:16:01 +0000, silveiranetobr wrote:

> dn: cn=foobar,O=tree
> userAccountControl: 512
> sAMAccountName: foobar


Note that these are Microsoft attributes. eDirectory doesn't use these.


> dn: cn=foobar,o=tree
> changetype: modify
> delete: userPassword
> userPassword: oldpassword
> add: userpassword
> userPassword: newpassword


As Aaron says, this is syntactically wrong. It would be better done like:


dn: cn=foobar,o=tree
changetype: modify
replace: userPassword
userPassword: newpassword



--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.