Problem:
#:/etc/openldap/schema # ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f addgroups.ldif
Enter LDAP Password:
adding new entry "cn=groupname,ou=Group,dc=example,dc=com"
ldap_add: Object class violation (65)
additional info: no structural object class provided
Short summary of solution:
1) systemctl stop slapd.service
2) rm -rf /etc/openldap/slapd.d/*
3) change slapd.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
#include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# !!! nis.schema contains the correct posixGroup description (STRUCTURAL, with cn and gidNumber) while rfc2307bis.schema does not!
#include /etc/openldap/schema/yast.schema
Look here (from nis.schema; read the STRUCTURAL and MUST lines):
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
DESC 'Abstraction of a group of accounts'
SUP top STRUCTURAL
MUST ( cn $ gidNumber )
MAY ( userPassword $ memberUid $ description ) )
while from rfc2307bis.schema we have:
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
DESC 'Abstraction of a group of accounts'
MUST gidNumber
MAY ( userPassword $ memberUid $
description ) )
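Hence one has to use nis.schema instead of rfc2307bis.schema! In rfc2307bis.schema posixGroup is AUXILIARY, so an entry that lists posixGroup as its only object class (apart from top) has no structural class, which is exactly what "no structural object class provided" reports.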
4) slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
5) systemctl restart slapd.service
6) done! use your "ldapadd -x -D …. "
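To see offline why the same entry is accepted under one schema and rejected under the other, here is an added example (not part of the original post and not slapd's own code) that parses the two posixGroup definitions quoted above and applies a simplified version of the structural-class and MUST checks. The LDIF entry and its gidNumber are constructed, since the post does not show addgroups.ldif; the function names are hypothetical.

```python
import re

# Both posixGroup definitions are the ones quoted in the post.
NIS = """objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
 DESC 'Abstraction of a group of accounts'
 SUP top STRUCTURAL
 MUST ( cn $ gidNumber )
 MAY ( userPassword $ memberUid $ description ) )"""
RFC2307BIS = """objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
 DESC 'Abstraction of a group of accounts'
 MUST gidNumber
 MAY ( userPassword $ memberUid $
 description ) )"""
# Constructed entry: the post does not show addgroups.ldif; gidNumber is made up.
SAMPLE_LDIF = """dn: cn=groupname,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: groupname
gidNumber: 5000"""

def parse_objectclass(text):
    """Return (name, kind, must_attrs) for one objectclass definition."""
    name = re.search(r"NAME\s+'([^']+)'", text).group(1)
    kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", text)
    must = re.search(r"\bMUST\s+(?:\(([^)]*)\)|(\S+))", text)
    attrs = (must.group(1) or must.group(2)).split("$") if must else []
    # RFC 4512: a class with no explicit kind is STRUCTURAL.
    return name, kind.group(1) if kind else "STRUCTURAL", [a.strip() for a in attrs]

def check_entry(ldif, schema_text):
    """Simplified model of the checks behind error 65; returns a list of problems."""
    name, kind, must = parse_objectclass(schema_text)
    classes = {"top": ("ABSTRACT", []), name.lower(): (kind, must)}
    attrs = {}
    for line in ldif.splitlines():
        key, _, value = line.partition(":")
        attrs.setdefault(key.strip().lower(), []).append(value.strip())
    entry_classes = [c.lower() for c in attrs.get("objectclass", [])]
    problems = []
    if not any(classes.get(c, ("", []))[0] == "STRUCTURAL" for c in entry_classes):
        problems.append("no structural object class provided")
    for c in entry_classes:
        for a in classes.get(c, ("", []))[1]:
            if a.lower() not in attrs:
                problems.append(f"{c} requires attribute {a}")
    return problems

if __name__ == "__main__":
    print("nis.schema:       ", check_entry(SAMPLE_LDIF, NIS) or "OK")
    print("rfc2307bis.schema:", check_entry(SAMPLE_LDIF, RFC2307BIS) or "OK")
```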
P.S. Very useful link:
https://wiki.archlinux.org/index.php/OpenLDAP
P.S. II: I have SuSE Leap 42.2
(Linux myserver 4.4.22-1-default #1 SMP Wed Sep 28 15:13:53 UTC 2016 (32db362) x86_64 x86_64 x86_64 GNU/Linux)