
Re: Invalid Structural Object Class Chain (account/person)

Paul Thomas <pwthoma@anc.net> writes:

> I'm attempting to populate our LDAP database and I plan on using it for 
> both authorization and as a corporate address book.  When I attempt to 
> import the LDIF file I get the following.
> ldapadd -a -W -x -D "cn=Manager,dc=anc.net,dc=anci" -f pwthoma.ldif
> Enter LDAP Password:
> adding new entry "uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci"
> ldapadd: update failed: uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci
> ldap_add: Object class violation (65)
> additional info: invalid structural object class chain (account/person)
> Now, I understand that the problem is that I've got the following in my 
> LDIF file but what I don't know is what the preferred method of addressing 
> this is.  I don't think modifying the account or person objectclass in 
> their schema is ideal in this case as I'm sure they are defined that way 
> for a reason.  I would, however, prefer to keep all this in the same ou 
> (ou=People,dc=anc.net,dc=anci)
> Here is my LDIF file if it's helpful
> dn: uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci
> objectClass: top
> objectClass: account
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: ANCIhr
> #objectClass: ANCIRadius
> uid: pwthoma
> cn: Paul Thomas

An object person can never be both person and account, that is, you
will hardly ever apply any of the attributes belonging to objectclass 
account to a person. Don't get confused with posixaccount and
shadowaccount, these object classes are not in the heritage-line of
account, but only auxiliary object classes. 
The attribute uid has to have the same value as in the rdn, but it is
multi-valued, so you may apply multiple values, i.e.


Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
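
The two points in the reply above (person and account are separate structural chains, and the RDN value must be one of the uid values) can be checked before running ldapadd. This is an added example, not part of the original thread and not OpenLDAP code: `SCHEMA`, `parse_entry`, `superiors`, `check_entry` and `PAGE_ENTRY` are hypothetical names, and treating the site-local class ANCIhr as auxiliary is an assumption.

```python
# Added example: a pre-import LDIF check, not OpenLDAP's own validation code.
# Kinds and superiors follow the standard core, cosine, inetorgperson and nis schemas.
SCHEMA = {  # lowercase class name -> (kind, superior)
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),
    "posixaccount": ("AUXILIARY", "top"),
    "shadowaccount": ("AUXILIARY", "top"),
    "ancihr": ("AUXILIARY", "top"),  # assumption: site-local class, kind not on the page
}

def parse_entry(ldif):
    """Parse one simple LDIF entry (no line folding, no base64) into {attr: [values]}."""
    attrs = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#") and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            attrs.setdefault(key.lower(), []).append(value)
    return attrs

def superiors(name):  # the class itself plus every class it inherits from
    chain = set()
    while name:
        chain.add(name)
        name = SCHEMA[name][1]
    return chain

def check_entry(ldif):
    """Return a list of schema and naming problems found in one entry."""
    attrs = parse_entry(ldif)
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    problems = [f"unknown object class: {c}" for c in classes if c not in SCHEMA]
    structural = [c for c in classes if c in SCHEMA and SCHEMA[c][0] == "STRUCTURAL"]
    if structural:
        leaf = max(structural, key=lambda c: len(superiors(c)))  # most derived class
        problems += [f"structural class {c} is not a superior of {leaf}"
                     for c in structural if c not in superiors(leaf)]
    rdn_attr, rdn_value = attrs["dn"][0].split(",", 1)[0].split("=", 1)
    if rdn_value.lower() not in [v.lower() for v in attrs.get(rdn_attr.lower(), [])]:
        problems.append(f"RDN value {rdn_value} is not a value of {rdn_attr}")
    return problems

# The entry from the quoted message, rebuilt inline so the check runs offline.
PAGE_ENTRY = ("dn: uid=A0971217/-2663,ou=People,dc=anc.net,dc=anci\n"
    + "".join(f"objectClass: {c}\n" for c in "top account person posixAccount "
              "shadowAccount organizationalPerson inetOrgPerson ANCIhr".split())
    + "uid: pwthoma\ncn: Paul Thomas\n")
```

Calling `check_entry(PAGE_ENTRY)` reports both the account/person conflict and the RDN mismatch; an entry without `objectClass: account` and with the RDN value added as a second `uid` passes.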