Rejected update for an attribute that wasn't being updated?

[Quanah Gibson-Mount <quanah@stanford.edu>]

Running OpenLDAP-2.2.6 + a few patches:

We had a case last night in doing testing on our test servers, where the 
master rejected an update to an entry.  What we got was:

java.lang.Exception: javax.naming.directory.SchemaViolationException: 
[LDAP: error code 65 - attribute 'suResidenceTSO' not allowed]

suResidenceTSO is an MAY attribute in the objectClass suResident.  The 
objectClass has one required attribute, suResidenceRequiredAttribute.

objectclass ( 1.3.6.1.4.1.299.11.3.110 NAME 'suCampusResident'
       DESC 'Stanford University On Campus Resident'
       AUXILIARY
       MUST ( suResidenceRequiredAttribute )
       MAY ( suResidenceCode $ suResidenceName $ suResidenceRoom $ 
suResidencePhone $ suResidenceTSO )


The ldap server shows:

Apr 15 12:00:48 ldap-test0.Stanford.EDU slapd[27386]: [ID 324647 
local4.debug] conn=514 op=49 MOD attr=suprimaryorganizationi
d suvisibaffiliation3 sugwaffiliation3 description susearchid 
sugwaffilphone1 ou sugwaffiliation1 objectclass cn sugeneralid
title sustanfordenddate suregisteredname suresidencephone 
suresidencerequiredattribute sugwaffiliation2 displayname sudisplay
namelf suregisterednamelf suaffiliation
Apr 15 12:00:48 ldap-test0.Stanford.EDU slapd[27386]: [ID 753995 
local4.debug] Entry 
(suRegID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,cn=People,dc=Stanford,dc=edu), 
attribute 'suResidenceTSO' not allowed
Apr 15 12:00:48 ldap-test0.Stanford.EDU slapd[27386]: [ID 100556 
local4.debug] entry failed schema check: attribute 'suReside
nceTSO' not allowed
Apr 15 12:00:48 ldap-test0.Stanford.EDU slapd[27386]: [ID 217296 
local4.debug] conn=514 op=49 RESULT tag=103 err=65 text=attr
ibute 'suResidenceTSO' not allowed

Any idea's?

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html