
RE: FreeBSD problems



-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Friday, July 06, 2001 2:08 PM
To: Patrick Childers
Cc: openldap-software@OpenLDAP.org
Subject: Re: FreeBSD problems

Well, really my main question was why does this work in Linux, and not
FreeBSD with the same versions?

> I note that your LDIF shows a couple of obvious problems,
> first the entry has not a clear structural object class.
> The structural object class of an object is determined
> by examining the superclass chains of all listed structural
> classes and selecting the ONE class which is not in the
> superclass chain of any other class.

I'm still a little new to LDAP, so this is a little over my head.

> That's an object class violation.  slapd
> doesn't check for this violation yet.

If slapd doesn't check for it, then there must be another error, right?

I created this LDIF from the 'directory_administrator' program
( http://sourceforge.net/projects/directoryadmin/ )

Thanks
Patrick Childers

At 08:30 AM 7/6/2001, Patrick Childers wrote:
>We are currently using openldap 2.0.11 linux in house to run our directory.
>Our webhost is using openldap 2.0.11 on freebsd, when we try to add new
>users to the ldap directory it returns an object class violation.

I suspect these are unrelated to the *.schema diff you provided.
While the versions of the *.schema SUPing 'person' are broken,
I don't suspect that's the problem.

I note that your LDIF shows a couple of obvious problems,
first the entry has not a clear structural object class.
The structural object class of an object is determined
by examining the superclass chains of all listed structural
classes and selecting the ONE class which is not in the
superclass chain of any other class.  For the entry below,
there are two structural classes, account and inetOrgPerson,
which are not in the superclass chains of other structural
classes.  That's an object class violation.  slapd
doesn't check for this violation yet.

I suggest you first select 'account' or 'inetOrgPerson'
or use a structural object class which includes both
account and inetOrgPerson in its superclass chain.

Then try to load the LDIF and check the server logs if you
have problems.

Kurt

>There are
>only a few lines different in the schema files. I have included the diff -u of
>the schema files below, along with the ldif we are importing.
>
>Thanks
>
>########## LDIF ###############################################
>
>dn: uid=LisaY,ou=Woodstock,o=Media Brokers International, c=US
>objectClass: top
>objectClass: account
>objectClass: posixAccount
>objectClass: shadowAccount
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetOrgPerson
>uid: LisaY
>uidnumber: 560
>gidnumber: 500
>userpassword: PASSWORD
>shadowLastChange: 11503
>homedirectory: /home/LisaY
>loginshell: /bin/bash
>gecos: Lisa Yandel
>st: Georgia
>mail: LisaY@Media-Brokers.com
>facsimiletelephonenumber: 770-516-9234
>telephonenumber: 770-516-9234 x208
>physicaldeliveryofficename: Woodstock
>l: Woodstock
>title: Account Executive
>o: Media Brokers International
>postalcode: 30189
>ou: Sales
>cn: Lisa Yandel
>sn: Yandel
>givenname: Lisa
>street: 665 Molly Lane, Suite 150
>
>#################### END ######################################
>
>### SCHEMA DIFF ##########################################
>
>diff -u /root/schema/krb5-kdc.schema /etc/openldap/schema/krb5-kdc.schema
>--- /root/schema/krb5-kdc.schema        Fri Jul  6 02:27:25 2001
>+++ /etc/openldap/schema/krb5-kdc.schema        Mon Jun 25 22:27:31 2001
>@@ -96,7 +96,7 @@
> attributetype ( 1.3.6.1.4.1.5322.10.1.10
>        NAME 'krb5Key'
>        DESC 'Encoded ASN1 Key as an octet string'
>-       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
>+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
>
> attributetype ( 1.3.6.1.4.1.5322.10.1.11
>        NAME 'krb5PrincipalRealm'
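
Review bot: on krb5Key, the DESC line still says 'Encoded ASN1 Key as an
octet string' while the + side declares SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
(Binary) instead of 1.3.6.1.4.1.1466.115.121.1.40 (Octet String). The two
copies therefore disagree on how key values are encoded and transferred
(in LDAPv3, Binary-syntax values are transferred using the ;binary option),
so settle on one syntax in both copies and make DESC agree with it.
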
>@@ -112,7 +112,7 @@
>
> objectclass ( 1.3.6.1.4.1.5322.10.2.1
>        NAME 'krb5Principal'
>-       SUP person
>+       SUP top
>        AUXILIARY
>        MUST ( krb5PrincipalName )
>        MAY ( cn $ krb5PrincipalRealm ) )
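
Review bot: on krb5Principal, keep the 'SUP top' side in both copies. The
class is declared AUXILIARY, and an auxiliary class should not take the
structural class person as its superior; with 'SUP person' it would also
pull person's MUST attributes (sn, cn) into every entry that lists
krb5Principal, whereas this definition only lists cn under MAY.
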
>diff -u /root/schema/krb5-kdc.schema.default
>/etc/openldap/schema/krb5-kdc.schema.default
>--- /root/schema/krb5-kdc.schema.default        Fri Jul  6 02:27:25 2001
>+++ /etc/openldap/schema/krb5-kdc.schema.default        Mon Jun 25 22:27:31
>2001
>@@ -96,7 +96,7 @@
> attributetype ( 1.3.6.1.4.1.5322.10.1.10
>        NAME 'krb5Key'
>        DESC 'Encoded ASN1 Key as an octet string'
>-       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
>+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
>
> attributetype ( 1.3.6.1.4.1.5322.10.1.11
>        NAME 'krb5PrincipalRealm'
>@@ -112,7 +112,7 @@
>
> objectclass ( 1.3.6.1.4.1.5322.10.2.1
>        NAME 'krb5Principal'
>-       SUP person
>+       SUP top
>        AUXILIARY
>        MUST ( krb5PrincipalName )
>        MAY ( cn $ krb5PrincipalRealm ) )
>Only in /etc/openldap/schema/: redhat
>
>############################################################
>
>Thanks
>
>Patrick Childers
>PatrickC@Media-Brokers.com
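
The structural-class rule Kurt describes, applied to the objectClass list of the LDIF entry above. This is an added example, not part of the original thread and not slapd's code; the SCHEMA table is a hand-written subset of the standard class definitions and the function names are hypothetical.

```python
# Added illustration. SCHEMA is a hand-typed subset of the standard
# core/cosine/inetorgperson/nis object classes (assumption: not read from slapd).
SCHEMA = {
    # lower-cased name: (kind, superior)
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),
    "posixaccount": ("AUXILIARY", "top"),
    "shadowaccount": ("AUXILIARY", "top"),
}

def superclass_chain(name):
    """Return the strict superiors of `name`, nearest first."""
    chain = []
    sup = SCHEMA[name][1]
    while sup is not None:
        chain.append(sup)
        sup = SCHEMA[sup][1]
    return chain

def structural_candidates(object_classes):
    """Listed structural classes not in the chain of another listed one."""
    listed = [oc.lower() for oc in object_classes]
    unknown = [oc for oc in listed if oc not in SCHEMA]
    if unknown:
        raise KeyError(f"not in schema subset: {unknown}")
    structural = [oc for oc in listed if SCHEMA[oc][0] == "STRUCTURAL"]
    covered = {sup for oc in structural for sup in superclass_chain(oc)}
    return sorted(set(structural) - covered)

def check_entry(object_classes):
    """Return (structural_class, None) on success, (None, reason) otherwise."""
    cands = structural_candidates(object_classes)
    if len(cands) == 1:
        return cands[0], None
    if not cands:
        return None, "no structural object class listed"
    return None, "multiple structural chains: " + ", ".join(cands)

# objectClass values copied from the LDIF in the original post
LISA = ["top", "account", "posixAccount", "shadowAccount",
        "person", "organizationalPerson", "inetOrgPerson"]

if __name__ == "__main__":
    print(check_entry(LISA))                                    # violation
    print(check_entry([oc for oc in LISA if oc != "account"]))  # single chain
```
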