[Date Prev][Date Next]
Re: schema check on => Object class violation
At 03:19 PM 7/16/99 -0400, Jeff Clowser wrote:
>> I have schema check on. When I try to modify the userpassword attr I
>> get.. [ schema violation ]
>What does the entire record look like?
Does the record you are modifying violate schema?
>> When I turn schema check off Its working fine.
It likely does.
>Most likely the problem is that you are trying to
>put an attribute into a record or edit a record
>that violates schema - If your record has objectclass
>"account", and you try to write a cn to it, and it
>does not have another objectclass that allows cn,
>you get an objectclass violation.
>Even though you're changing the password, maybe the script
>updates other attributes that don't really need it
ldappasswd(1) (included in the distribution) only attempts
to modify userPassword.
>or maybe the LDAP server won't make changes to
>a record (even if the changing attribute is within the
>schema) if the record contains schema violations
>elsewhere - dunno, but worth a look.
Exactly. If the resulting ENTRY violates schema, an
error is returned.
>Best to make sure you don't have objectclass violations
Enabling schema checks and using ldap operations (ie: not
ldif2ldbm or other ldbm tools) to modify your directory
is the best way to ensure schema is maintained.
>>ldapsearch doesn't support -W option. I have default access set to none.
-W support needs to be added to ldapsearch (it's implemented in -devel).
Feel free to submit an ITS (preferrably with a patch)...