[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Attribute type is operational

On Mon, 12 Jul 2010 08:10:56 +0000, Stuart Cherrington
<stuart_cherrington@hotmail.co.uk> wrote:
> Hi,
> I'm running Openldap 2.4 on Rhel5. I've got the basics working, user
> accounts etc, but have tried adding some new schemas which I'm getting
> problems with. I followed a VERY helpful Blog at
> which allowed me to install some Oracle OID schema's so we can move away
> from Oracle OID. 
> This Blog is a little out of date and I have some attributetypes which I
> need to add-in to the schema. I've added the following 2 lines:
> attributetypes ( 2.16.840.1.113894.1.1.37 NAME 'orclGuid' EQUALITY
> caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
> directoryOperation )
> attributetypes ( 2.16.840.1.113894.1.1.1000 NAME 'orclnormdn' EQUALITY
> distinguishedNameMatch SYNTAX ''
> NO-USER-MODIFICATION USAGE directoryOperation )
> I took these from the current 10.2.0 OID installation so wasn't 100% sure
> they were correct but they are similar in construct the others found on
> blog.
> When I restart ldap2.4 I get error:
>  service ldap2.4 restart
> Checking config file /etc/openldap2.4/slapd.conf:          [FAILED]
> /etc/openldap2.4/schema/oidbase.schema: line 27 attributetypes:
> "2.16.840.1.113894.1.1.37" is operational
> slaptest2.4: bad configuration file!

This error message is complaining that the attributetype declared is an
operational attribute ("USAGE directoryOperation").

Reading through the code, I see the following comment: "operational
attributes should be defined internally". I therefore presume that you
cannot define operational attributes by way of schema files.

These attributes won't be "operational" anyway in the sense that they will
not be automatically managed by the OpenLDAP server, since it knows nothing
about them. If you just need them for compatibility with OID, I suggest you
change the declaration to make them non-operational. You'll probably want
to remove the "NO-USER-MODIFICATION" flag too, if you want to be able to
modify them with user accounts.

Hope this helps.