[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Invalid Structural Object Class Chain (account/person)

To: openldap-software@OpenLDAP.org
Subject: Re: Invalid Structural Object Class Chain (account/person)
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Thu, 10 Jun 2004 17:44:59 +0200
In-reply-to: <6.0.3.0.2.20040610091735.02462640@127.0.0.1> (Paul Thomas's message of "Thu, 10 Jun 2004 09:24:04 -0500")
References: <6.0.3.0.2.20040610091735.02462640@127.0.0.1>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

Paul Thomas <pwthoma@anc.net> writes:

> I'm attempting to populate our LDAP database and I plan on using it for 
> both authorization and as a corporate address book.  When I attempt to 
> import the LDIF file I get the following.
>
> ldapadd -a -W -x -D "cn=Manager,dc=anc.net,dc=anci" -f pwthoma.ldif
> Enter LDAP Password:
> adding new entry "uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci"
> ldapadd: update failed: uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci
> ldap_add: Object class violation (65)
> additional info: invalid structural object class chain (account/person)
>
> Now, I understand that the problem is that I've got the following in my 
> LDIF file but what I don't know is what the preferred method of addressing 
> this is.  I don't think modifying the account or person objectclass in 
> their schema is ideal in this case as I'm sure they are defined that way 
> for a reason.  I would, however, prefer to keep all this in the same ou 
> (ou=People,dc=anc.net,dc=anci)
>
> Here is my LDIF file if it's helpful
>
> dn: uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci
> objectClass: top
> objectClass: account
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: ANCIhr
> #objectClass: ANCIRadius
> uid: pwthoma
> cn: Paul Thomas
[...]

An object person can never be both person and account , that is, you
will hardly ever apply any of the attributes belonging to objectclass 
account to a person. Don't get confused with posixaccount and
shadowaccount, these object classes are not in the heritage-line of
account, but only auxiliary object classes. 
The attribute uid has to have the same value as in the rdn, but it is
multi valued, so you may apply multiple values, i.e.
uid:A0971217/-2663
uid:pwthoma

-Dieter

-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de

References:
- Invalid Structural Object Class Chain (account/person)
  - From: Paul Thomas <pwthoma@anc.net>

Prev by Date: Re: Entry addition conflict
Next by Date: Re: Invalid Structural Object Class Chain (account/person)
Index(es):
- Chronological
- Thread