Doing a simple ldap doesnt' work...

I am doing a homework for the University and I am unable to success in doing an ADD of an attribute to a DN:

The command line I used is:

ldapmodify -f P17.txt -h hostname -p 7373 -D "UID=u23741,ou=AEC2,dc=EINFO
,dc=UPF,dc=EDU" –W


And the ldif file P17.txt is :

dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
changetype:add
add:description
description:1


But ldapadd keeps on giving me the same error:

adding new entry "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU"
ldapadd: update failed: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
ldap_add: Undefined attribute type (17)
additional info: add: attribute type undefined

I have changed the changetype many times and done a lot of things but I don't succes...

If you can help me it would be great, thanks.

Ok - couple of questions:

1. Does the entry already exist in the LDAP server?

If yes:

You should change the contents of your file to the following:

dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
changetype: modify
add: description
description: 1

Also be sure to include spaces between the attribute and it's value:

attribute: attributevalue

It looks like you may not have done this - though it's hard to tell for sure.

If no - the entry is not present in the LDAP directory:

What schema are you using? You do not appear to have all the required attributes of any object class. If you don't know you should probably include:

dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
changetype: add
description: 1
sn: something
uid: u23741
cn: something
givenname: something

HTH

Hmmm...
It's the second case, the attribute doesn't exist.


But if in the ldif file I put all those attributes:


dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
changetype: add
description: 1
sn: something
uid: u23741
cn: something
givenname: something

They will be added/overwritten right ? Those already exist on the dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU entry. Well, I suppose it will be needed to put the same values.

Edit: Tested it. It doesn't work.

I am confused - does the entry exist already or not?

The entry with the DN:
dn:UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
exists and it has its own attributes:

$ ldapsearch -h hostname -p 7373 -b "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=
EDU" -s base -D "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU" -W
# extended LDIF
#
# LDAPv3
# base <UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU> with scope base
# filter: (objectclass=*)
# requesting: ALL
#

# u23741, AEC2, EINFO.UPF.EDU
dn: uid=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
groupPrac: 12462-1
career: 337-3371-Enginyeria en Informatica
nia: 23741
sn: SARRADO LARA
mark: null
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: studentPerson
uid: u23741
cn: Enric
groupMembers: null
email: enric.sarrado.01@upf.es
userPassword:: Ym9nYXJk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I just want to add a description attribute to that entry.

Provided studentPerson allows description (which it should if it is built correctly) you should have no issues with the following:

dn: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
changetype: modify
add: description
description: 1

Yes, I tried this. But then a new error appears:
modifying entry "UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU"
ldapadd: update failed: UID=u23741,ou=AEC2,dc=EINFO,dc=UPF,dc=EDU
ldap_modify: Insufficient access (50)

This seems related to the fact my username/password isn't allowed to do this change...But I consider it totally weird since I can (and I have) delete attributes.

Each vendor typically has their own way of implementing ACI's. Write and delete are usually separate permissions - but usually over the entire entry - meaning that I am surprised that you can delete an attribute but not add one - as they are both defined as writes with most vendor implementations. It looks like you are going to have to modify the ACI to allow yourself access to update the entry.