Creating Structural Objects Under User Records

[Tim Gustafson <tjg@soe.ucsc.edu>]

I'd like to be able to create "sub-objects" inside each user object.  So, my account is:

uid=tjg,ou=People,dc=soe,dc=ucsc,dc=edu

I'd like to be able to create an object like:

cn=foo,uid=tjg,ou=People,dc=soe,dc=ucsc,dc=edu

This object would be of objectClass "soeDegree", which I've defined as follows:

attributetype (
  1.1.2.1.32
  NAME 'soeDegreeYear'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

attributetype (
  1.1.2.1.33
  NAME 'soeDegreeType'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

attributetype (
  1.1.2.1.34
  NAME 'soeDegreeDepartment'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

attributetype (
  1.1.2.1.35
  NAME 'soeDegreeThesisTitle'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

attributetype (
  1.1.2.1.36
  NAME 'soeDegreeThesisURL'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

objectclass (
  1.1.2.1.997
  NAME 'soeDegree'
  DESC 'Jack Baskin School of Engineering Degree'
  SUP top
  STRUCTURAL
  MUST ( cn )
  MAY ( soeDegreeYear $ soeDegreeType $ soeDegreeDepartment $ soeDegreeThesisTitle $ soeDegreeThesisURL ))

However, when I attempt to add the sub-object, the server returns:

0x35 (LDAP_UNWILLING_TO_PERFORM)

How can I tell OpenLDAP to allow me to create child objects inside accounts like this?

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354