Fighting with this myself.
/usr/share/ebox/stubs/usersandgroups/slapd-master.ldif.mas:
<%args>
$dn
$password
</%args>
#dn: cn=config
#changetype: modify
#add: olcTLSCACertificateFile
#olcTLSCACertificateFile: /etc/ldap/ssl/ssl.cert
#-
#add: olcTLSCertificateFile
#olcTLSCertificateFile: /etc/ldap/ssl/ssl.cert
#-
#add: olcTLSCertificateKeyFile
#olcTLSCertificateKeyFile: /etc/ldap/ssl/ssl.key
# Allow querying the root DSE
#dn: olcDatabase={-1}frontend,cn=config
#changetype: modify
#add: olcAccess
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=subschema" by * read

# Load syncprov module
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}syncprov

include: file:///etc/ldap/schema/cosine.ldif

include: file:///etc/ldap/schema/nis.ldif

include: file:///etc/ldap/schema/inetorgperson.ldif

dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: <% $dn %>
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
#olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * break
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,$
olcAccess: {1}to attrs=userPassword,shadowLastChange by dn="cn=ebox,<% $dn %>" $
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by dn="cn=ebox,<% $dn %>" write by * read
olcDbIndex: objectclass eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uid eq
olcDbIndex: memberUid eq

dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 10 60
olcSpSessionlog: 100

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: to * by dn="cn=ebox,<% $dn %>" manage by * break
Error I'm getting:
A really nasty bug has occurred
Exception
Failed to enable: root command ldapadd -H 'ldapi://' -Y EXTERNAL -c -f /var/lib/ebox/tmp/slapd-master.ldif failed. Error output: SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 ldap_add: Naming violation (64) ldap_add: Other (e.g., implementation specific) error (80) additional info: olcAttributeTypes: Duplicate attributeType: "0.9.2342.19200300.100.1.2" ldap_add: Other (e.g., implementation specific) error (80) additional info: olcAttributeTypes: Duplicate attributeType: "1.3.6.1.1.1.1.2" ldap_add: Other (e.g., implementation specific) error (80) additional info: olcAttributeTypes: Duplicate attributeType: "2.16.840.1.113730.3.1.1" ldap_modify: Type or value exists (20) additional info: modify/add: olcAccess: value #0 already exists Command output: adding new entry "cn=module{0},cn=config" adding new entry "cn=cosine,cn=schema,cn=config" adding new entry "cn=nis,cn=schema,cn=config" adding new entry "cn=inetorgperson,cn=schema,cn=config" adding new entry "olcDatabase={1}hdb,cn=config" adding new entry "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config" modifying entry "olcDatabase={0}config,cn=config" . Exit value: 20
Trace
Failed to enable: root command ldapadd -H 'ldapi://' -Y EXTERNAL -c -f /var/lib/ebox/tmp/slapd-master.ldif failed.
Error output: SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_add: Naming violation (64)
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: "0.9.2342.19200300.100.1.2"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: "1.3.6.1.1.1.1.2"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: "2.16.840.1.113730.3.1.1"
ldap_modify: Type or value exists (20)
additional info: modify/add: olcAccess: value #0 already exists
Command output: adding new entry "cn=module{0},cn=config"
adding new entry "cn=cosine,cn=schema,cn=config"
adding new entry "cn=nis,cn=schema,cn=config"
adding new entry "cn=inetorgperson,cn=schema,cn=config"
adding new entry "olcDatabase={1}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config"
modifying entry "olcDatabase={0}config,cn=config"
.
Exit value: 20 at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x21...') called at /usr/share/perl5/EBox/CGI/Base.pm line 262
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x21...') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x23885dd0)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x237f7c80)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x237f7c80)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x23885dd0)') called at -e line 0
eval {...} called at -e line 0