[Date Prev][Date Next]
Bogus "ObjectClass operational" error (ITS#1989)
Full_Name: Jim Dutton
Submission from: (NULL) (126.96.36.199)
Whilst attempting to initialize OpenLDAP-2.1.3 using data from a previously
running OpenLDAP-2.0.11 server,
I kept getting "ObjectClass operational" messages, and SLAPD would refuse to
It turns out that OpenLDAP has now decided to enforce attribute USAGE abilities,
which is what it turns out
was my problem: I used "modifiersname" and "modifytimestamp" attributes in my
declarations. In V2.1.3 (and probably other versions between 2.0.11 and 2.1.3),
these, and other attributes, are
now system/server protected if they are OpenLDAP defined with a USAGE which is
anything other than the
default of "user applications".
The affect of this unknown change, to me at least, is that my previous LDAP data
is no longer valid, and I must
go through an extensive redesign, again. The worst thing, however, is the
incorrect message text. The problem
is not a protected, operational, objectclass, but a protected, operational,
attribute which I cannot use in my
"user application" declarations. I find this very irritating, to say the least.
Please perform/provide the following changes:
1) fix the dad-blasted error message text
2) include a new distribution file called something like "Operational Changes"
wherein major changes to
OpenLDAP operations are noted such that they do not get lost in a long stream of
detailed CHANGES, or
get lost between major point-version changes where the CHANGE log files are not
carreid foreward. This
should make said major changes more readily apparent, and I, and others,
hopefully wouldn't have to waste
three days, or more, pulling out hairs trying to understand what skatterbrained
change has been put into affect.
This is not the first time that I have been "bitten" by a major operational
change in different versions of
OpenLDAP that have "blind-sided" me. Thank you for your time.