
multiple structural schemas not allowed (major differences between openldap 2.0.23 and 2.1.30)

I've just finished upgrading my system from debian woody to testing,
but have been running into quite a few problems getting my previous
openldap configuration to work.

I was previously using openldap2-2.0.23-6.3 on my woody box, and
everything was working fine, but after installing OpenLDAP 2.1.30 onto
sarge (testing), I received a few errors from evolutionperson.schema,
such as:

evolutionperson.schema: line 36: AttributeType inappropriate matching
rule: "telephoneNumberMatch"

I came across the following message from the archives which describes
the same problem, although I'm unsure of whether there is a better
solution than simply removing the offending EQUALITY lines:

Although I'd like to find out if there's a better fix for the above
problem (such as an updated evolutionPerson.schema which I'm not aware
of), it's not my main concern.  The main problem I'm having is that
when I attempted to import my old ldif file, I received the following

(65) invalid structural object class chain (evolutionPerson/officePerson)

this was for an entry that contained the following:

objectClass: top
objectClass: inetOrgPerson
objectClass: evolutionPerson
objectClass: officePerson
postalCode: H0H0H0
cn: User Name
creatorsName: cn=Manager,dc=domain,dc=com
createTimestamp: 20041208002030Z
birthDate: 02/24/1978           //birthdate is from evolutionPerson.schema
comment: test comment      //comment is from officePerson.schema

After removing at least one of evolutionPerson or officePerson (and
the related attributes), the import worked fine.  So it seems as
though it's not possible to have more than one structural object class
which refers to the same superior objectclass (or at least that's what
I've been able to discern from the mailing list messages, such as
found here: http://www.openldap.org/lists/openldap-software/200302/msg00835.html),
even though it worked fine with openldap2-2.0.23-6.3.

I assume that this problem is a result of OpenLDAP 2.1.30 being more
strict with adherence to standards than openldap2-2.0.23-6.3 was?

On a related note, I used to use the excellent phpldapadmin web
interface for manipulating my ldap database, although now when
attempting to add a new object class to an entry, I don't even see
options for the evolutionPerson.schema or for officePerson.schema.  I
tracked this down to a block of code in phpldapadmin which has the
comment: "// exclude any structural ones, as they'll only generate an
LDAP_OBJECT_CLASS_VIOLATION".  I can circumvent the check that
disables showing the evolutionPerson or officePerson schema, but of
course it's useless, since I then receive the aforementioned class

While I can probably live without the ability to add _both_ the
officeperson and evolutionperson schemas to an entry, I really need to
be able to add at least one of them.  So if anyone can give me some
advice or hints on how I can achieve this (preferably through using
phpldapadmin), I would greatly appreciate it.  I've considered moving
back to openldap2-2.0.23-6.3, since as I mentioned, I had no problems
with it, but ideally I'd like to figure out how to get everything
working with the more current version.

I realize that this question involves some components which may not be
within the domain of OpenLDAP (such as the use of the nonstandard
schemas and phpldapadmin), but hopefully someone here will have had
some experience with the same problem and may be able to offer some
guidance.  Thanks,

Mike Garey
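
Added example, not part of the original message: a pre-import check in Python for the structural object class chain rule behind the error (65) quoted above, so offending entries can be found before they are loaded. The schema table is a constructed excerpt; the definitions of evolutionPerson and officePerson as STRUCTURAL classes under inetOrgPerson are assumptions based on the post, and the sample LDIF is constructed.

```python
from itertools import combinations

# Constructed schema excerpt: class -> (superior, kind). The evolutionPerson and
# officePerson rows are assumptions based on the post, not the real schema files.
SCHEMA = {
    "top": (None, "ABSTRACT"),
    "person": ("top", "STRUCTURAL"),
    "organizationalperson": ("person", "STRUCTURAL"),
    "inetorgperson": ("organizationalperson", "STRUCTURAL"),
    "evolutionperson": ("inetorgperson", "STRUCTURAL"),
    "officeperson": ("inetorgperson", "STRUCTURAL"),
}

def ancestry(name, schema=SCHEMA):
    """Return the class followed by every superior above it (lowercased)."""
    chain, cur = [], name.lower()
    while cur is not None:
        chain.append(cur)
        cur = schema[cur][0]  # KeyError if the class is missing from the schema
    return chain

def chain_conflicts(object_classes, schema=SCHEMA):
    """Pairs of structural classes where neither is a superior of the other."""
    structural = sorted({c.lower() for c in object_classes
                         if schema[c.lower()][1] == "STRUCTURAL"})
    return [(a, b) for a, b in combinations(structural, 2)
            if a not in ancestry(b, schema) and b not in ancestry(a, schema)]

def check_ldif(text, schema=SCHEMA):
    """Map each entry's dn to its conflicting structural class pairs."""
    report = {}
    for record in text.strip().split("\n\n"):
        pairs = [line.partition(":")[::2] for line in record.splitlines()]
        attrs = [(k.lower(), v.strip()) for k, v in pairs]
        dn = next((v for k, v in attrs if k == "dn"), None)
        report[dn] = chain_conflicts(
            [v for k, v in attrs if k == "objectclass"], schema)
    return report

# Constructed sample LDIF; the second dn is a placeholder.
SAMPLE = """dn: cn=User Name,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: evolutionPerson
objectClass: officePerson

dn: cn=Other User,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: evolutionPerson
"""
```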