openldap – ldap_add：协议错误(2)附加信息：未提供任何属性

我正在尝试应用此文件：

# cat people_group.ldif
dn: ou=People,dc=my_domain,dc=com
  ou: People
  objectclass: organizationalUnit

dn: ou=Group,dc=com
  ou: Group
  objectclass: organizationalUnit

我收到此错误：

# ldapadd -x -W -D "cn=admin,dc=com"  -H ldaps://my_hostname.my_domain.com -f people_group.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=com ou: People objectclass: organizationalUnit"
ldap_add: Protocol error (2)
    additional info: no attributes provided

如果我跳过这个文件并去添加下一个文件,我会得到一个不同的错误：

# ldapadd -x -W -D "cn=admin,dc=com"  -H ldaps://my_hostname.my_domain.com -f group.ldif
Enter LDAP Password:
adding new entry "cn=some_group,ou=Group,dc=com"
ldap_add: No such object (32)

我猜它找不到ou = Group,它必须由第一个给出错误的命令创建.是对的吗？

这是group.ldif中的第一个条目：

dn: cn=some_group,dc=com
objectClass: posixGroup
objectClass: top
cn: my_domain
userPassword: {crypt}x
gidNumber: 500

这是实际OpenLDAP服务器上ldapsearch的输出：

# ldapsearch -H ldapi:/// -Y EXTERNAL
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <dc=my_domain,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

以下是运行第一个命令的其他诊断信息：

# ldapadd -x -W -D "cn=admin,dc=com"  -H ldaps://my_hostname.my_domain.com -f people_group.ldif -d1
ldap_url_parse_ext(ldaps://my_hostname.my_domain.com)
ldap_create
ldap_url_parse_ext(ldaps://my_hostname.my_domain.com:636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP my_hostname.my_domain.com:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 10.25.223.184:636
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
TLS: certdb config: configDir='/etc/pki/tls/certs' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: cannot open certdb '/etc/pki/tls/certs',error -8018:Unknown PKCS #11 error.
TLS: loaded CA certificate file /etc/pki/ca-trust/source/anchors/digicert.intermediate.crt.
TLS: skipping 'renew-dummy-cert' - filename does not have expected format (certificate hash with numeric suffix)
TLS: skipping 'ca-bundle.crt' - filename does not have expected format (certificate hash with numeric suffix)
TLS: skipping 'make-dummy-cert' - filename does not have expected format (certificate hash with numeric suffix)
TLS: skipping 'Makefile' - filename does not have expected format (certificate hash with numeric suffix)
TLS: skipping 'ca-bundle.trust.crt' - filename does not have expected format (certificate hash with numeric suffix)
TLS: certificate [CN=my_hostname.my_domain.com] is not valid - CA cert is not valid
TLS: certificate [CN=my_hostname.my_domain.com] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS certificate verification: subject: CN=my_hostname.my_domain.com,issuer: CN=my_hostname.my_domain.com,cipher: AES-256,security level: high,secret key bits: 256,total key bits: 256,cache hits: 0,cache misses: 0,cache not reusable: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 50 bytes to sd 4
ldap_result ld 0x2008420 msgid 1
wait4msg ld 0x2008420 msgid 1 (infinite timeout)
wait4msg continue ld 0x2008420 msgid 1 all 1
** ld 0x2008420 Connections:
* host: my_hostname.my_domain.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Thu Nov  5 16:47:00 2015


** ld 0x2008420 Outstanding Requests:
 * msgid 1,origid 1,status InProgress
   outstanding referrals 0,parent count 0
  ld 0x2008420 request count 1 (abandoned 0)
** ld 0x2008420 Response Queue:
   Empty
  ld 0x2008420 response count 0
ldap_chkResponseList ld 0x2008420 msgid 1 all 1
ldap_chkResponseList returns ld 0x2008420 NULL
ldap_int_select
read1msg: ld 0x2008420 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x2008420 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x2008420 0 new referrals
read1msg:  mark request completed,ld 0x2008420 msgid 1
request done: ld 0x2008420 msgid 1
res_errno: 0,res_error: <>,res_matched: <>
ldap_free_request (origid 1,msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
adding new entry "ou=People,dc=com ou: People objectclass: organizationalUnit"
ldap_add_ext
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 87 bytes to sd 4
ldap_result ld 0x2008420 msgid 2
wait4msg ld 0x2008420 msgid 2 (timeout 100000 usec)
wait4msg continue ld 0x2008420 msgid 2 all 1
** ld 0x2008420 Connections:
* host: my_hostname.my_domain.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Thu Nov  5 16:47:00 2015


** ld 0x2008420 Outstanding Requests:
 * msgid 2,origid 2,parent count 0
  ld 0x2008420 request count 1 (abandoned 0)
** ld 0x2008420 Response Queue:
   Empty
  ld 0x2008420 response count 0
ldap_chkResponseList ld 0x2008420 msgid 2 all 1
ldap_chkResponseList returns ld 0x2008420 NULL
ldap_int_select
read1msg: ld 0x2008420 msgid 2 all 1
ber_get_next
ber_get_next: tag 0x30 len 34 contents:
read1msg: ld 0x2008420 msgid 2 message type add
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x2008420 0 new referrals
read1msg:  mark request completed,ld 0x2008420 msgid 2
request done: ld 0x2008420 msgid 2
res_errno: 2,res_error: <no attributes provided>,res_matched: <>
ldap_free_request (origid 2,msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_add: Protocol error (2)
    additional info: no attributes provided

ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed

ldapadd想要什么属性？

如何通过其他信息：没有提供属性错误？