Re: schema check on => Object class violation

[Jeff Clowser <jclowser@aerotek.com>]

ramana.ramachandran@wcom.com wrote:

> Problem 1
> =========
>
> I have schema check on. When I try to modify the userpassword attr I
> get..

> The object account is defined as...
>
> objectclass account
>     requires
>         objectClass,
>         uid
>     allows
>         userPassword,
>         description

> When I turn schema check off Its working fine.

What does the entire record look like?

> BTW I have some other
> attributes (cis type and hence not defined in the slapd.user_at.conf
> file) in my univPerson class which exhibit the same behaviour.

Most likely the problem is that you are trying to
put an attribute into a record or edit a record
that violates schema - If your record has objectclass
"account", and you try to write a cn to it, and it
does not have another objectclass that allows cn,
you get an objectclass violation.  Even though
you're changing the password, maybe the script
updates other attributes that don't really need it
(I'm not familiar with the script you mentioned),
or maybe the LDAP server won't make changes to
a record (even if the changing attribute is within the
schema) if the record contains schema violations
elsewhere - dunno, but worth a look.

Best to make sure you don't have objectclass violations
anywhere :-)

--
 Jeff Clowser
 mailto:jclowser@aerotek.com       Hanover MD  21076 USA
 Phone: (410)-579-4328             7312 Parkway Drive