# slapcat
/etc/openldap/slapd.conf: line 113: warning: no by clause(s) specified in access line (ignored).
dn: dc=local,dc=net,dc=com
dc: local
objectClass: top
objectClass: domain
entryUUID: ...
creatorsName: cn=Manager,dc=local,dc=net,dc=com
createTimestamp: ...
entryCSN: ...
modifiersName: cn=Manager,dc=local,dc=net,dc=com
modifyTimestamp: ...

dn: cn=Manager,dc=local,dc=net,dc=com
objectClass: ogranizationalRole
cn: Manager
structuralObjectClass: organizationalRole
entryUUID: ...
creatorsName: cn=Manager,dc=local,dc=net,dc=com
entryCSN: ...
modifiersName: cn=Manager,dc=local,dc=net,dc=com
modifyTimestamp: ...

dn= ou=admins,dc=local,dc=net,dc=com
ou: admins
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID:...
creatorsName: cn=Manager,dc=local,dc=net,dc=com
createTimestamp: ...
entryCSN: ...
modifiersName: cn=Manager,dc=local,dc=net,dc=com
modifiersTimestamp: ...


# cat users.ldif
dn: uid=foobar,ou=admins,dc=local,dc=net,dc=com
uid: foobar
cn: foo bar
objectClass: account
objectClass: top
userPassword: {SSHA}...
shadowLastChange: ...
shadowMax: ....
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 601
gidNumber: 10
homeDirectory: /home/foobar


# ldapadd -x -D "cn=Manager,dc=local,dc=net,dc=com" -w <password> -f users.ldif
adding new entry "uid=foobar,ou=admins,dc=local,dc=net,dc=com"
ldapadd: Object class violation (65)
additional info: attribute 'cn' not allowed


What am I doing wrong with the user add?

dn: cn=Manager,dc=local,dc=net,dc=com
objectClass: ogranizationalRole
cn: Manager
structuralObjectClass: organizationalRole
entryUUID: ...
creatorsName: cn=Manager,dc=local,dc=net,dc=com
entryCSN: ...
modifiersName: cn=Manager,dc=local,dc=net,dc=com
modifyTimestamp: ...

You are missing two objectClasses here
top and I believe person -

Think of object classes as an upside down tree - In order to use any element within tree you have to start with objectclass: top ----top leads to bunch of new objects and those objects lead to more.

So organizationalRole > Person > Top and with all of those they have required attributes that must be present.

There are a few websites out there that have the Hierarchy of all the objectclasses and just as a heads up objectclasses require header files be included in slapd.conf if not already in there.

1 members found this post helpful.

Issue solved, I did have to add the following two object classes to make it look like the following:

objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount