
Re: Feeling stupid: cannot understand error

Alex Povolotsky wrote:


Hi Alex,

I've installed openldap 2.1, and ran into a strange problem.

[12:37] server:/tmp # ldapadd -D "cn=Manager,dc=sub,dc=ru" -w password
dn: uid=tarkhil, dc=sub, dc=ru
objectClass: shadowAccount
uid: tarkhil

adding new entry "uid=tarkhil, dc=sub, dc=ru"
ldap_add: Object class violation (65)
additional info: no structural object class provided

Note the "additional info"; here is the explanation.

In LDAPv3, an entry must have at least one structural objectclass.
The only objectclass you provided is 'shadowAccount', which is not structural but auxiliary, as I see in the openldap schema files:
[root@fed1 root]# grep shadowAccount /etc/openldap/schema/*
/etc/openldap/schema/nis.schema:objectclass ( NAME 'shadowAccount' SUP top AUXILIARY

You MUST provide a structural objectclass, like 'inetOrgPerson' for example, which turns your example into:

dn: uid=tarkhil, dc=sub, dc=ru
objectClass: shadowAccount
objectClass: inetOrgPerson
uid: tarkhil


[12:37] server:/tmp # ldapadd -D "cn=Manager,dc=sub,dc=ru" -w password
dn: cn=test2, dc=sub, dc=ru
objectClass: posixGroup
cn: test2
gidNumber: 1024

adding new entry "cn=test2, dc=sub, dc=ru"

As far as I understand man ld_errno, in the first example slapd complains:

An object class violation occurred (e.g., a "must"
attribute was missing from the entry).

but I cannot understand what exactly the problem is.

The same setup worked quite well on openldap 2.0...
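
The structural-class rule discussed in this thread can be checked before an entry is sent to ldapadd. The following is an added example, not part of the original message or of OpenLDAP: it reads object class kinds from schema-file text and flags LDIF entries that carry no structural class. The schema excerpt is abbreviated and constructed for the example, and the function names are the example's own.

```python
import re

# Abbreviated object class definitions in OpenLDAP schema-file syntax,
# constructed for this example (MUST/MAY clauses omitted).
SCHEMA = """
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY )
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top STRUCTURAL )
"""

# The two entries from the thread.
LDIF = """
dn: uid=tarkhil, dc=sub, dc=ru
objectClass: shadowAccount
uid: tarkhil

dn: cn=test2, dc=sub, dc=ru
objectClass: posixGroup
cn: test2
gidNumber: 1024
"""

def class_kinds(schema_text):
    """Map lower-cased object class name -> ABSTRACT/STRUCTURAL/AUXILIARY."""
    kinds = {}
    # A definition may span several lines, so split on the keyword.
    for body in re.split(r"(?im)^objectclass\s*\(", schema_text)[1:]:
        body = re.sub(r"DESC\s+'[^']*'", "", body)  # free text may contain keywords
        names = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
        if not names:
            continue
        kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", body)
        for name in re.findall(r"[\w;-]+", names.group(1) or names.group(2)):
            # RFC 4512: a definition without a kind keyword is STRUCTURAL.
            kinds[name.lower()] = kind.group(1) if kind else "STRUCTURAL"
    return kinds

def check_entries(ldif_text, kinds):
    """Return {dn: problem string, or None if a structural class is present}."""
    report = {}
    # Simple LDIF only: no folded lines, no base64 ("::") values.
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = [line.partition(":") for line in block.splitlines()]
        dn = next((v.strip() for a, _, v in attrs if a.lower() == "dn"), None)
        classes = [v.strip().lower() for a, _, v in attrs if a.lower() == "objectclass"]
        if dn is not None:
            found = "STRUCTURAL" in (kinds.get(c) for c in classes)
            report[dn] = None if found else "no structural object class provided"
    return report
```

Calling `check_entries(LDIF, class_kinds(SCHEMA))` flags the `uid=tarkhil` entry and passes the `cn=test2` entry; an object class missing from the schema text is treated as not structural.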