[LDAP: error code 65 - attribute 'pwmData' not allowed])
Closed this issue · 6 comments
Even after adding new schemas for pwm, I keep getting an error when I try to create a user with pwm: [LDAP: error code 65 - attribute 'pwmData' not allowed])
Below is my pwm schema, as suggested by you in my last issue:
```yaml
customSchemaFiles:
  pwm.ldif: |
    dn: cn=pwm,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: pwm
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.2 NAME 'pwmResponseSet' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.4 NAME 'pwmGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcObjectClasses: ( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY ( pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pwmData ) )
```
Hi @avodapalli2,
I haven't tried this schema; in your last issue I said that it should look like that. I recommend you use the one they provide in their GitHub repo, but you'll have to fix the indentation as it seems off.
Can you run `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` inside an openldap pod and verify that you see your schema?
Hi @jp-gouin, with the above ldapsearch command, I can see the schemas as below. I did not add the whole output, only the schema part.
```
# {4}pwm, schema, config
dn: cn={4}pwm,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}pwm
olcAttributeTypes: {0}( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog' EQUALITY oc
 tetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.35015.1.2.2 NAME 'pwmResponseSet' EQUALITY
  octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {2}( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.24 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.35015.1.2.4 NAME 'pwmGUID' SYNTAX 1.3.6.1.
 4.1.1466.115.121.1.15 )
olcAttributeTypes: {4}( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret' EQUALITY o
 ctetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {5}( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetS
 tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY (
  pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pw
 mData ) )
```
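An offline version of the check requested above, as an added example that is not part of the original thread or of the chart: it unfolds the `cn=config` LDIF and reports whether an entry's object classes permit an attribute. LDAP result code 65 is objectClassViolation; the function names and the `inetOrgPerson` entry class used in the demo call are assumptions for illustration.

```python
import re

# Constructed sample: part of the cn=config output quoted in this thread.
# ldapsearch folds long LDIF lines; a continuation line starts with one space.
SAMPLE = """\
dn: cn={4}pwm,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}pwm
olcAttributeTypes: {5}( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetS
 tringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY (
 pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pw
 mData ) )
"""

def parse_schema(ldif):
    """Return (attribute type names, {object class: attributes it permits})."""
    attrs, classes = set(), {}
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF folding
        key, _, value = line.partition(": ")
        name = re.search(r"NAME \(?\s*'([^']+)'", value)
        if name is None:
            continue
        if key.lower() == "olcattributetypes":
            attrs.add(name.group(1).lower())
        elif key.lower() == "olcobjectclasses":
            permitted = set()
            for kw in ("MUST", "MAY"):
                m = re.search(kw + r" (?:\(([^)]*)\)|(\S+))", value)
                if m:
                    names = (m.group(1) or m.group(2)).split("$")
                    permitted |= {n.strip().lower() for n in names}
            classes[name.group(1)] = permitted
    return attrs, classes

def diagnose(attr, entry_classes, ldif):
    """Explain why adding `attr` to an entry would or would not pass the check.
    Only looks at the schema entry given; inherited (SUP) classes are ignored."""
    attrs, classes = parse_schema(ldif)
    if attr.lower() not in attrs:
        return "attribute type not loaded in cn=config"
    carriers = sorted(c for c, ok in classes.items() if attr.lower() in ok)
    if not carriers:
        return "no object class in this schema entry permits it"
    present = {c.lower() for c in entry_classes}
    if any(c.lower() in present for c in carriers):
        return "allowed"
    return "entry lacks objectClass: " + ", ".join(carriers)

if __name__ == "__main__":
    print(diagnose("pwmData", ["inetOrgPerson"], SAMPLE))
```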
Hi @avodapalli2, sorry, I'm not familiar with pwm-project.
From what I see, the schema has been added by the chart.
Probably they provide a guide or tutorial to integrate into openldap.
Hi @jp-gouin, thank you, I will try to search :)
It worked with the old helm chart with the osixia/openldap 1.5.0 ldap image. But with the new helm chart with the bitnami image it's not working.
@jp-gouin Thank you so much for your help, finally everything is working after moving all my ACL etc. in schemas :)