jp-gouin / helm-openldap

Helm chart of Openldap in High availability with multi-master replication and PhpLdapAdmin and Ltb-Passwd
Apache License 2.0
192 stars 116 forks

[LDAP: error code 65 - attribute 'pwmData' not allowed]) #185

Closed avodapalli2 closed 1 month ago

avodapalli2 commented 1 month ago

Even if I add new schemas for pwm, I keep getting an error when I try to create a user with pwm: [LDAP: error code 65 - attribute 'pwmData' not allowed])

Below is my pwm schema, as suggested by you in my last issue.

```yaml
customSchemaFiles:
  pwm.ldif: |
    dn: cn=pwm,cn=schema,cn=config
    objectClass: olcSchemaConfig
    cn: pwm
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.2 NAME 'pwmResponseSet' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.4 NAME 'pwmGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
    olcObjectClasses: ( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY ( pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pwmData ) )
```

jp-gouin commented 1 month ago

Hi @avodapalli2 ,

I haven't tried this schema; in your last issue I said that it should look like that. I recommend you use the one they provide in their GitHub repo, but you'll have to fix the indentation as it seems off.

Can you run `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` inside an openldap pod and verify that you see your schema?

avodapalli2 commented 1 month ago

Hi @jp-gouin, with the above ldapsearch command I can see the schema as below. I did not add the whole output, only the schema part.

```ldif
# {4}pwm, schema, config
dn: cn={4}pwm,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}pwm
olcAttributeTypes: {0}( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.35015.1.2.2 NAME 'pwmResponseSet' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {2}( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
olcAttributeTypes: {3}( 1.3.6.1.4.1.35015.1.2.4 NAME 'pwmGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {4}( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {5}( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY ( pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pwmData ) )
```
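
A loaded schema is necessary but not sufficient: LDAP result code 65 is objectClassViolation, and slapd reports "attribute 'X' not allowed" when X is in neither the MUST nor the MAY list of the entry's objectClass values (following their SUP chains). The script below is an added example, not code from this issue nor from the helm-openldap or pwm-project repositories. It reads schema entries in the LDIF shape that `ldapsearch -b cn=config` prints (including the folded continuation lines whose lost leading spaces produced fragments like "oc tetStringMatch" in the paste above), rebuilds each object class's MUST/MAY sets, and reports which attributes of a proposed entry would be refused. The function names (`unfold_ldif`, `load_objectclasses`, `check_entry`), the trimmed `core` classes and the two sample entries are constructed for the example; only the pwm definitions are taken from this thread.

```python
"""Offline model of slapd's objectClassViolation check (LDAP result code 65):
parse the cn=config schema from ldapsearch LDIF, then test whether a proposed
entry's attributes are permitted by its objectClass values.  Constructed example."""
import re
from typing import Dict, List, Set, Tuple

# Constructed ldapsearch output: the pwm schema posted in this issue plus a trimmed
# 'core' holding just the classes the example needs.  A leading space marks an LDIF
# continuation line; that folding is where fragments like 'oc tetStringMatch' come from.
SCHEMA_LDIF = """\
# {0}core, schema, config
dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcObjectClasses: {0}( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
olcObjectClasses: {1}( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' SUP top AUXILIARY )

# {4}pwm, schema, config
dn: cn={4}pwm,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}pwm
olcAttributeTypes: {0}( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog' EQUALITY oc
 tetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# (pwmResponseSet, pwmLastPwdUpdate, pwmGUID and pwmOtpSecret elided; attribute types are not needed here)
olcAttributeTypes: {5}( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY ( pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pw
 mData ) )
"""

_NAME = re.compile(r"NAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")
_LIST = re.compile(r"\b(SUP|MUST|MAY)\s+(?:\(\s*([^)]*)\)|([A-Za-z][\w-]*))")

def unfold_ldif(text: str) -> List[str]:
    """Rejoin LDIF continuation lines; drop comments and blank separators."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_objectclass(defn: str) -> dict:
    """Parse one RFC 4512 object class description ('{n}' ordering prefix removed)."""
    m = _NAME.search(defn)
    oc = {"names": [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2)),
          "kind": next((k for k in ("ABSTRACT", "STRUCTURAL", "AUXILIARY")
                        if re.search(rf"\b{k}\b", defn)), "STRUCTURAL"),  # RFC 4512 default
          "sup": [], "must": [], "may": []}
    for kw, group, single in _LIST.findall(defn):
        oc[kw.lower()] = [t.strip() for t in (group or single).split("$") if t.strip()]
    return oc

def load_objectclasses(ldif: str) -> Dict[str, dict]:
    """Map every object class name (lower-cased) to its definition."""
    classes: Dict[str, dict] = {}
    for line in unfold_ldif(ldif):
        attr, _, value = line.partition(":")
        if attr.strip().lower() == "olcobjectclasses":
            oc = parse_objectclass(re.sub(r"^\s*\{\d+\}", "", value))
            for n in oc["names"]:
                classes[n.lower()] = oc
    return classes

def allowed_attributes(classes: Dict[str, dict], oc_names) -> Tuple[Set[str], Set[str], List[str]]:
    """Union of MUST and MAY over the entry's classes and their SUP chains."""
    must, may, unknown, seen = set(), set(), [], set()
    todo = {n.lower() for n in oc_names}
    while todo:
        n = todo.pop()
        seen.add(n)
        if n not in classes:
            unknown.append(n)
            continue
        must |= {a.lower() for a in classes[n]["must"]}
        may |= {a.lower() for a in classes[n]["may"]}
        todo |= {s.lower() for s in classes[n]["sup"]} - seen
    return must, may, unknown

def check_entry(classes: Dict[str, dict], entry: Dict[str, List[str]]) -> List[str]:
    """Schema problems an add of `entry` would hit ([] = passes).  Models MUST/MAY
    membership only, not the single-structural-class rule, syntax checks or ACLs.
    "attribute 'X' not allowed" is the wording slapd returns with result code 65."""
    ocs = next((v for k, v in entry.items() if k.lower() == "objectclass"), [])
    must, may, unknown = allowed_attributes(classes, ocs)
    problems = [f"unknown objectClass '{n}'" for n in sorted(unknown)]
    present = {k.lower(): k for k in entry if k.lower() != "objectclass"}
    if "extensibleobject" not in {o.lower() for o in ocs}:  # extensibleObject admits any attribute
        problems += [f"attribute '{present[a]}' not allowed" for a in sorted(present)
                     if a not in must and a not in may]
    problems += [f"required attribute '{a}' missing" for a in sorted(must - set(present) - {"objectclass"})]
    return problems

CLASSES = load_objectclasses(SCHEMA_LDIF)
# The add that fails with code 65: pwmData is set but the entry never claims pwmUser, the
# auxiliary class whose MAY list permits it.  FIXED_ENTRY adds that objectClass value.
BROKEN_ENTRY = {"objectClass": ["person"], "cn": ["alice"], "sn": ["Example"], "pwmData": ["<pwm blob>"]}
FIXED_ENTRY = {**BROKEN_ENTRY, "objectClass": ["person", "pwmUser"]}

if __name__ == "__main__":
    for label, entry in (("without pwmUser", BROKEN_ENTRY), ("with pwmUser", FIXED_ENTRY)):
        print(f"{label}: {check_entry(CLASSES, entry) or 'accepted'}")
```

Run it against real output by replacing `SCHEMA_LDIF` with the text of `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config` and the entry with the one the client is about to add; an empty result means the failure is not a schema violation and the next things to look at are the ACLs and the client's objectClass list.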

jp-gouin commented 1 month ago

Hi @avodapalli2, sorry, I'm not familiar with pwm-project.

From what I see, the schema has been added by the chart.

Probably they provide a guide or tutorial to integrate it into openldap.

avodapalli2 commented 1 month ago

Hi @jp-gouin, thank you, I will try to search :) It worked with the old helm chart with the osixia/openldap 1.5.0 LDAP image, but with the new helm chart with the bitnami image it's not working.

jp-gouin commented 1 month ago

Most likely linked to #184.

avodapalli2 commented 1 month ago

@jp-gouin Thank you so much for your help; finally everything is working after moving all my ACLs etc. into schemas :)