Troubleshooting “ldap_add no such object (32)” Error When Adding Users to OpenLDAP Directory


The error ldap_add no such object (32) matched dn dc=domain,dc=com typically occurs when the parent entry specified in your LDIF file doesn't exist in the directory. In this case, the system couldn't find the base DN dc=domain,dc=com before attempting to add the user entry.

Before adding users, you need to ensure your directory structure exists. Let's examine a complete setup:

# First, create the base domain structure
dn: dc=domain,dc=com
objectClass: top
objectClass: domain
dc: domain

# Then create organizational units
dn: ou=People,dc=domain,dc=com
objectClass: organizationalUnit
ou: People

Here's how your files should be structured for successful operation:

domain.ldif

dn: dc=domain,dc=com
objectClass: top
objectClass: domain
dc: domain

dn: ou=People,dc=domain,dc=com
objectClass: organizationalUnit
ou: People

root.ldif

dn: uid=root,ou=People,dc=domain,dc=com
uid: root
cn: Manager
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {CRYPT}x
shadowLastChange: 17000
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/root

Follow this sequence to properly add your entries:

# First add the domain structure
ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f /etc/openldap/domain.ldif

# Then add the user
ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f /etc/openldap/root.ldif

Common causes of this error include:

  • Missing objectClass definitions (always include 'top' as the first objectClass)
  • Incorrect DN hierarchy in your LDIF files
  • Attempting to add entries before their parent entries exist
  • Insufficient objectClass definitions for the attributes you're trying to add

After successful addition, verify with:

ldapsearch -x -b "dc=domain,dc=com" "(objectclass=*)"
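As an added example (not part of the original page), the following Python script performs the parent-exists check offline, before any ldapadd is run: it parses an LDIF file with the standard library only and lists every entry whose parent DN is neither already in the directory nor defined by an earlier record in the same file, which is exactly what ldapadd rejects with error 32. The sample LDIF strings are constructed inline and mirror the page's domain.ldif and root.ldif; the database suffix dc=domain,dc=com is passed in separately because the suffix entry itself has no parent. All names and the existing_dns parameter are this example's own.

```python
"""Pre-flight check for LDIF files: report entries whose parent DN is missing.

Added example, not from the original page. Pure standard library."""
import base64

# Constructed sample input mirroring the page's domain.ldif
DOMAIN_LDIF = """\
# base suffix, then the OU the user entry hangs off
dn: dc=domain,dc=com
objectClass: top
objectClass: domain
dc: domain

dn: ou=People,dc=domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
"""

# Constructed sample input mirroring the page's root.ldif
ROOT_LDIF = """\
dn: uid=root,ou=People,dc=domain,dc=com
uid: root
cn: Manager
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {CRYPT}x
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/root
loginShell: /bin/bash
"""

SUFFIX = "dc=domain,dc=com"  # database suffix: the one entry with no parent


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order.

    Handles '#' comments, RFC 2849 folded lines (leading space) and base64
    values ('attr:: ...'). version/changetype lines are kept as attributes."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    records, dn, attrs = [], None, {}
    for line in unfolded + [""]:  # sentinel flushes the last record
        if not line.strip():
            if dn is not None or attrs:
                records.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return records


def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514); '\\,' stays inside its RDN."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(buf.strip())
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf.strip())
    return rdns


def normalize_dn(dn):
    """Comparison form: dc/ou/cn/uid all use caseIgnore matching, so lower-case."""
    return ",".join(split_rdns(dn)).lower()


def parent_dn(dn):
    rdns = split_rdns(dn)
    return ",".join(rdns[1:]) if len(rdns) > 1 else ""


def find_missing_parents(ldif_text, suffix, existing_dns=()):
    """Return [(dn, parent)] for every entry ldapadd would fail with err=32.

    existing_dns: DNs already on the server (e.g. from ldapsearch), so a file
    that only adds users can be checked against a populated base."""
    known = {normalize_dn(d) for d in existing_dns}
    missing = []
    for dn, _attrs in parse_ldif(ldif_text):
        if dn is None:
            continue
        if normalize_dn(dn) != normalize_dn(suffix):
            parent = parent_dn(dn)
            if normalize_dn(parent) not in known:
                missing.append((dn, parent))
        known.add(normalize_dn(dn))  # later records may hang off this one
    return missing


if __name__ == "__main__":
    for dn, parent in find_missing_parents(ROOT_LDIF, SUFFIX):
        print(f"{dn}: parent {parent} not found -> err=32 on ldapadd")
    print("domain.ldif then root.ldif:",
          find_missing_parents(DOMAIN_LDIF + "\n" + ROOT_LDIF, SUFFIX))
```

Run as-is it flags root.ldif on its own and reports nothing once domain.ldif precedes it; to check a file against a live server, feed the DNs returned by ldapsearch into existing_dns. The matched DN in the client's error (dc=domain,dc=com above) is the deepest ancestor the server did find, so the first entry to create is the one directly beneath it.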

The error message ldap_add no such object (32) matched dn dc=domain,dc=com typically occurs when attempting to add an LDAP entry to a non-existent parent container. This common OpenLDAP administration issue stems from missing prerequisite directory structures.

In your case, the issue arises because you're trying to add a user entry (uid=root) under ou=People before creating the base DN (dc=domain,dc=com) and organizational unit structures. The LDAP server cannot find the specified Distinguished Name (DN) hierarchy.

Other problems that can surface during the import and are worth ruling out include:

  • Missing olcDbIndex configuration in slapd.conf
  • Incorrect permissions for the LDAP manager account
  • Firewall blocking LDAP ports (389/636)

Here's a more complete LDIF example that includes necessary object classes:

dn: dc=domain,dc=com
objectClass: top
objectClass: domain
dc: domain

dn: ou=People,dc=domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=root,ou=People,dc=domain,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: root
cn: Manager
userPassword: {CRYPT}x
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/root
loginShell: /bin/bash

Enable verbose logging in slapd.conf (loglevel 256 is the "stats" level, which records each connection, operation and its result code):

loglevel 256

Check logs with:

tail -f /var/log/slapd.log

slapd writes through syslog (facility local4 by default), so the actual file path depends on your syslog configuration; on cn=config deployments the equivalent setting is olcLogLevel.
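As an added example (not from the original page), the script below reads slapd stats output and pairs every ADD request with its RESULT line by the conn= and op= fields, so a failed import shows up as the rejected DN plus its result code rather than as a bare err=32 somewhere in the log. The log lines are constructed to follow the loglevel 256 format with a syslog prefix; they are not real captures, and the helper names are this example's own.

```python
"""Detect failed ldapadd operations in slapd stats (loglevel 256) logs.

Added example, not from the original page. Log lines are constructed."""
import re
from collections import Counter

# Constructed sample log: one failed add, then the corrected sequence
SAMPLE_LOG = """\
Jan 12 10:15:03 ldap01 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=127.0.0.1:51234 (IP=0.0.0.0:389)
Jan 12 10:15:03 ldap01 slapd[1234]: conn=1001 op=0 BIND dn="cn=Manager,dc=domain,dc=com" method=128
Jan 12 10:15:03 ldap01 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jan 12 10:15:03 ldap01 slapd[1234]: conn=1001 op=1 ADD dn="uid=root,ou=People,dc=domain,dc=com"
Jan 12 10:15:03 ldap01 slapd[1234]: conn=1001 op=1 RESULT tag=105 err=32 text=
Jan 12 10:15:04 ldap01 slapd[1234]: conn=1001 op=2 UNBIND
Jan 12 10:16:10 ldap01 slapd[1234]: conn=1002 op=1 ADD dn="dc=domain,dc=com"
Jan 12 10:16:10 ldap01 slapd[1234]: conn=1002 op=1 RESULT tag=105 err=0 text=
Jan 12 10:16:11 ldap01 slapd[1234]: conn=1002 op=2 ADD dn="ou=People,dc=domain,dc=com"
Jan 12 10:16:11 ldap01 slapd[1234]: conn=1002 op=2 RESULT tag=105 err=0 text=
Jan 12 10:16:12 ldap01 slapd[1234]: conn=1002 op=3 ADD dn="uid=root,ou=People,dc=domain,dc=com"
Jan 12 10:16:12 ldap01 slapd[1234]: conn=1002 op=3 RESULT tag=105 err=0 text=
"""

ADD_RE = re.compile(r'conn=(\d+) op=(\d+) ADD dn="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')
ADD_RESPONSE_TAG = "105"  # LDAP AddResponse is [APPLICATION 9] = 0x69

# LDAP resultCode values a failed ldapadd commonly reports (RFC 4511)
ERR_NAMES = {0: "success", 32: "noSuchObject", 50: "insufficientAccessRights",
             65: "objectClassViolation", 68: "entryAlreadyExists"}


def add_results(log_text):
    """Return [(dn, err)] for every ADD whose RESULT line was seen, in result order."""
    pending, results = {}, []
    for line in log_text.splitlines():
        m = ADD_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m and m.group(3) == ADD_RESPONSE_TAG:
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None:
                results.append((dn, int(m.group(4))))
    return results


def failed_adds(log_text):
    """Only the ADDs whose result code was non-zero."""
    return [(dn, err) for dn, err in add_results(log_text) if err != 0]


def suspected_missing_parents(log_text):
    """For err=32 the server could not find the parent of the rejected DN.
    The naive split does not handle escaped commas inside RDN values."""
    return sorted({dn.split(",", 1)[1] for dn, err in failed_adds(log_text)
                   if err == 32 and "," in dn})


def summarize(log_text):
    """Count ADD outcomes by result-code name (unknown codes keep their number)."""
    return Counter(ERR_NAMES.get(err, str(err)) for _dn, err in add_results(log_text))


if __name__ == "__main__":
    for dn, err in failed_adds(SAMPLE_LOG):
        print(f"ADD {dn} failed: err={err} ({ERR_NAMES.get(err, 'unknown')})")
    print("parents to create first:", suspected_missing_parents(SAMPLE_LOG))
    print(dict(summarize(SAMPLE_LOG)))
```

Point it at the file your syslog configuration writes slapd's local4 messages to; because the correlation uses conn= and op=, interleaved operations from several clients are still matched correctly.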