Header Shadow Image


LDAP ldapmodify: additional info: single-valued attribute “ipaBaseRID” has multiple values

You may run into the following when trying to modify the FreeIPA ID Ranges:

[root@ipa03 ~]# ldapmodify -H ldapi://%2fvar%2frun%2fslapd-MWS-MDS-XYZ.socket << EOF
> dn: cn=MDS.XYZ_id_range,cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz
> changetype: modify
> add: ipaBaseRID
> ipaBaseRID: 200000000
> EOF
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=MDS.XYZ_id_range,cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz"
ldap_modify: Object class violation (65)
        additional info: single-valued attribute "ipaBaseRID" has multiple values

The real issue is with the line:

> add: ipaBaseRID

What the error means is that you're trying to ADD another attribute ipaBaseRID instead of replacing or updating the value.  This is a violation of DIT rules.  You cannot have more than one ipaBaseRID key and value pair.

The correct syntax is, therefore to use the replace tag: 

[root@idmipa03 ~]# ldapmodify -H ldapi://%2fvar%2frun%2fslapd-MWS-MDS-XYZ.socket << EOF
> dn: cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz
> changetype: modify
> replace: ipaBaseID
> ipaBaseID: 155600000
> EOF
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=ranges,cn=etc,dc=mws,dc=mds,dc=xyz"
ldap_modify: Object class violation (65)
        additional info: attribute "ipaBaseID" not allowed

NOTE: However due to the nature of the object definitions on our FreeIPA server, this results in another error you see above.  This is solved through the  LDAP ldapmodify: additional info: attribute "ipaBaseID" not allowed page.

Cheers,
TK

 

One Response to “LDAP ldapmodify: additional info: single-valued attribute “ipaBaseRID” has multiple values”

  1. […] recreate the trust using the latter option.  Also see about modifying these LDAP settings here.  If you need to disable POSIX / UNIX Attributes that are defined in windows and allow SSSD to […]

Leave a Reply

You must be logged in to post a comment.


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License