[Date Prev][Date Next] [Chronological] [Thread] [Top]

Object class violation (65): inetOrgPerson/posixGroup

Tonni, thanks again for the reply, but now I have a 
specific question, perhaps for the group.

I'm thinking of a Directory Information Tree (DIT) 
structure like:

      / | \
     /  |  \
    /   |   \
[Employee Contact Information]
[and all posixAccount, posixGroup,]
[and Kerberos stuff as well]

So I have an LDIF file:
dn: cn=Joe M. Blow,ou=People,dc=plainjoe,dc=org
cn: Joe M. Blow
sn: Blow
mail: joe@plainjoe.org
roomNumber: 1234 Dudley Hall
departmentNumber: Management
pager: 222-555-6789
objectclass: inetOrgPerson
objectclass: krb5Principal
objectclass: krb5KDCEntry
objectclass: posixAccount
objectclass: posixGroup
krb5PrincipalName: joe
krb5KeyVersionNumber: 2
uid: joe
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/joe

And when I ldapadd it, I get:

ldap_add: Object class violation (65)
        additional info: invalid structural object 
class chain (inetOrgPerson/posixGroup)

So, I can't have a node with attributes from both the 
inetOrgPerson and the posixGroup object classes?

Why?  I'd really like the attributes from both I think.  
Or should I be doing this with two branches or 

TIA for any suggestions on the right (or a better) way 
to do this...