[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: posixAccount entry differences in OpenLDAP 2.0.x and 2.1.x

marc.bigler@day.com writes:

> Using OpenLDAP 2.0.x I used to enter such kind of entries:
> dn: uid=test,ou=users,dc=domain,dc=tld
> objectclass: posixAccount
> (...)
> Now I am testing a new installation of OpenLDAP 2.1.17 and I simply cannot
> enter this LDIF, ldapadd gives the following error:
> ldapadd: update failed: dn: uid=test,ou=users,dc=domain,dc=tld
> ldap_add: Object class violation (65)
>         additional info: no structural object class provided
> But now if I try using the following LDIF instead (I've simply added top
> and account objectclass): (...)

Your original entry was not valid according to rfc2252, which says that
each entry must have a structural object class.  (posixAccount is
auxiliary, account is structural.)  OpenLDAP 2.0 did not check this.
OpenLDAP 2.1 does.

You don't need to add 'top', though.  That gets added implicitly because
it is the superclass of both object classes.