[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple structural schemas not allowed (major differences between openldap 2.0.23 and 2.1.30)

On Mon, 7 Mar 2005, Mike Garey wrote:


Although I'd like to find out if there's a better fix for the above problem (such as an updated evolutionPerson.schema which I'm not aware of), it's not my main concern. The main problem I'm having is that when I attempted to import my old ldif file, I received the following error:

(65) invalid structural object class chain (evolutionPerson/officePerson)

this was for an entry that contained the following:

objectClass: top
objectClass: inetOrgPerson
objectClass: evolutionPerson
objectClass: officePerson
postalCode: H0H0H0
cn: User Name
creatorsName: cn=Manager,dc=domain,dc=com
createTimestamp: 20041208002030Z
birthDate: 02/24/1978           //birthdate is from evolutionPerson.schema
comment: test comment      //comment is from officePerson.schema

After removing at least one of evolutionPerson or officePerson (and
the related attributes), the import worked fine.  So it seems as
though it's not possible to have more than one structural object class
which refers to the same superior objectclass (or at least that's what
I've been able to discern from the mailing list messages, such as
found here: http://www.openldap.org/lists/openldap-software/200302/msg00835.html),
even though it worked fine with openldap2-2.0.23-6.3.

I assume that this problem is a result of OpenLDAP 2.1.30 being more
strict with adherence to standards than openldap2-2.0.23-6.3 was?


On a related note, I used to use the excellent phpldapadmin web interface for manipulating my ldap database, although now when attempting to add a new object class to an entry, I don't even see options for the evolutionPerson.schema or for officePerson.schema. I tracked this down to a block of code in phpldapadmin which has the comment: "// exclude any structural ones, as they'll only generate an LDAP_OBJECT_CLASS_VIOLATION". I can circumvent the check that disables showing the evolutionPerson or officePerson schema, but of course it's useless, since I then receive the afformentioned class violation.

While I can probably live without the ability to add _both_ the
officeperson and evolutionperson schemas to an entry, I really need to
be able to add at least one of them.  So if anyone can give me some
advice or hints on how I can achieve this (preferably through using
phpldapadmin), I would greatly appreciate it.  I've considered moving
back to openldap2-2.0.23-6.3, since as I mentioned, I had no problems
with it, but ideally I'd like to figure out how to get everything
working with the more current version.

The proper way to combine the attributes of two structural objectclasses into a single entry is to extend an existing schema or create a new schema by defining your own objectclass. If you'd like to do this, have a look at this section of the OpenLDAP Administrator's Guide:


If you seek more information regarding the "invalid structural
object class chain" error, have a look at these FAQ entries:


  Kirk Turner-Rustin       | Programmer/Analyst
  Ohio Wesleyan University | Libraries and Information Services
  http://www.owu.edu       | http://lis.owu.edu