
Re: Fw: ldapadd is failing - error: Naming violation additional info: value of naming attribute 'ou'is not present in entry



Hi,

On Saturday 31 January 2004 01:16, Eric Parusel wrote:
> Howard Chu said:
> > > 'Interesting!!!'?  It was a bug in 2.0.23 that it worked. That bug has
> > > now been fixed, and it returns an error like the LDAP spec says it
> > > should.
> >
> > Yes there was a bug, but the correctness of the current behavior is
> > suspect.
>
> I'm trying to migrate to 2.1.x from 2.0.x, and I've got uid= attributes
> that don't match their DN's. :(
>
> I unfortunately can't change the uid attribute values, so there's not
> much I can do short of changing the DN's for pretty much every entry...
> (and some application logic, sadly)
> I was wondering if the following would be sane (below):
>
> Will removing this requirement for my internal LDAP server cause any
> problems with slapd?  Is there anything that "assumes" LDAP entries will
> be conformant to the "correct" behaviour?

You break the standard!
In removing these checks you break the standard which requires that the value
of the RDN must be present as an attribute value in the entry.

I've checked that uid is not single valued in OpenLDAP's 2.1.26 core schema.
Thus you may add the value in the RDN to the uid attribute.
This procedure leads to 2 uid values for your entries where the uid value 
currently differs from the RDN value.

Of course you should make sure the uids stay unique in the sense that no two
persons share the same uid.

It may also cause trouble with applications that expect only one value in the
uid attribute. RFC1274 that defines uid does not state this restriction.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de
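
The procedure described in the message above, as an added example (not part of the original message or of OpenLDAP): a Python sketch that finds entries whose RDN value is missing from the entry, emits ldapmodify-style changes that add it, and reports uid values shared by two entries. The sample LDIF, the function names and the simplified parsing (single-valued RDNs, no line folding, base64 or escaped DN characters) are assumptions.

```python
# Constructed sample LDIF (not from the original message): the second
# entry's uid value differs from the value used in its RDN.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: John Doe
uid: jdoe

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Anna Smith
uid: a.smith
"""

def parse_ldif(text):
    """Parse simple LDIF into (dn, {attribute: [values]}) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        entries.append((dn, attrs))
    return entries

def rdn_fixes(entries):
    """Return (modify records adding missing RDN values, uid clashes)."""
    changes, owners, clashes = [], {}, []
    for dn, attrs in entries:
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        values = attrs.setdefault(rdn_attr.lower(), [])
        # Compared case-insensitively, since uid matching ignores case.
        if rdn_val.lower() not in (v.lower() for v in values):
            values.append(rdn_val)
            changes.append(f"dn: {dn}\nchangetype: modify\n"
                           f"add: {rdn_attr}\n{rdn_attr}: {rdn_val}\n")
        # Uniqueness check runs after the fix, so added values count too.
        for uid in attrs.get("uid", []):
            first = owners.setdefault(uid.lower(), dn)
            if first != dn:
                clashes.append((uid, first, dn))
    return changes, clashes

if __name__ == "__main__":
    changes, clashes = rdn_fixes(parse_ldif(SAMPLE_LDIF))
    print("\n".join(changes))
    print("uid clashes:", clashes)
```

Resolve any reported clash before applying the generated changes, since adding the RDN value would otherwise leave two entries sharing a uid.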