
AW: Trying to add vacation.schema - object class violation error



Now I followed some pages to extend the schema with ldif-files.
Like this https://help.ubuntu.com/11.04/serverguide/C/kerberos-ldap.html
Or this
http://www.howtoforge.com/postfix-virtual-hosting-with-ldap-backend-and-with-dovecot-pop3-imap-on-ubuntu-8.10

But when I try to
ldapadd -x -D cn=admin,cn=config -W -f cn\=\{6\}vacation.ldif
the following appears:
Enter LDAP Password: 
ldap_bind: Invalid credentials (49)

Then I found somewhere that I have to add "admin" to make changes to the
schema.
I did that too, as it is described on this site
http://ubuntuforums.org/showthread.php?t=1515119

But when I try to modify the schema like this
ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif
it also doesn't work

config.ldif:
dn: cn=config
changetype: modify

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}Secret

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

At last I made the changes described above manually in the
/etc/ldap/cn\=config/olcDatabase\=\{0\}config.ldif

dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,cn=config
olcRootPW: {SSHA}Secret
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 46b43100-b692-1030-89be-cbe1073d381b
creatorsName: cn=config
createTimestamp: 20111209091652Z
entryCSN: 20111209091652.472369Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20111209091652Z

Then it is also not working with
ldapadd -x -D cn=admin,cn=config -W -f cn\=\{6\}vacation.ldif

Error: invalid credentials.
Now I am stuck with modifying the schema.
How can I add this admin who can change the schema?
Any hints?

I have another admin on an olcDatabase={1}bdb.ldif-database who is configured
as rootDN for dc=company,dc=org.
But when I try to add with this company-admin
ldapadd -x -D cn=admin,dc=company,dc=org -W -f cn\=\{6\}vacation.ldif
it ends up with "insufficient access"

Any idea?

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Andreas
Sent: Saturday, 17 December 2011 15:40
To: 'Quanah Gibson-Mount'; openldap-technical@openldap.org
Subject: AW: Trying to add vacation.schema - object class violation error

Thanks Quanah,

Can you tell me how to import the objectClass to my entries?

Regards
Andreas

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Quanah
Gibson-Mount
Sent: Friday, 16 December 2011 20:42
To: Andreas Cieslak; openldap-technical@openldap.org
Subject: Re: Trying to add vacation.schema - object class violation error

--On Friday, December 16, 2011 2:28 PM +0100 Andreas Cieslak 
<andreas@kado-web.de> wrote:

> Hi list,
>
> I need some urgent advice on the openldap-schema extension.
> My openldap version is slapd 2.4.23 on a debian squeeze machine.
>
> When I try to activate vacation on the webmail-system roundcube (the
> webmailer and the plugins are working fine) it says that the activation is
> stored, but when I have a look into the logs of roundcube, they say:
>
> [16-Dec-2011 11:20:29] Could not add new values to attribute
> vacationActive: Object class violation: LDAP_OBJECT_CLASS_VIOLATION (65):
> [16-Dec-2011 11:20:29] Could not modify entry: Could not add new values
> to attribute vacationActive: Object class violation:
> LDAP_OBJECT_CLASS_VIOLATION:  (1000):
>
> The slapd logs show the following when I try to activate vacation:
>
> conn=1221 op=4 MOD dn="cn=admin,dc=domain,dc=de"
> slapd[14608]: conn=1221 op=4 MOD attr=vacationActive
> serv slapd[14608]: slap_queue_csn: queing 0xb58969b6
> 20111216110200.012914Z#000000#000#000000
> serv slapd[14608]: Entry (cn=ldapadmin,dc=folkwang-hochschule,dc=de),
> attribute 'vacationActive' not allowed
> serv slapd[14608]: entry failed schema check: attribute 'vacationActive'
> not allowed
> serv slapd[14608]: conn=1221 op=4 RESULT tag=103 err=65 text=attribute
> 'vacationActive' not allowed
>
> The following is my vacation.schema which I add to /etc/ldap/slapd.conf:
>
> attributetype ( 1.3.6.1.4.1.39116.1.1.11
>         NAME 'vacationActive'
>         SINGLE-VALUE
>         EQUALITY booleanMatch
>         DESC 'A flag, for marking the user as being away'
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
> attributetype ( 1.3.6.1.4.1.39116.1.1.12
>         NAME 'vacationInfo'
>         SINGLE-VALUE
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
>         DESC 'Absentee note to leave behind, while on vacation'
>         EQUALITY octetStringMatch )
> attributetype ( 1.3.6.1.4.1.39116.1.1.13
>         NAME 'vacationStart'
>         SINGLE-VALUE
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
>         DESC 'Beginning of vacation'
>         EQUALITY octetStringMatch )
> attributetype ( 1.3.6.1.4.1.39116.1.1.14
>         NAME 'vacationEnd'
>         SINGLE-VALUE
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
>         DESC 'End of vacation'
>         EQUALITY octetStringMatch )
> attributetype ( 1.3.6.1.4.1.39116.1.1.15
>         NAME 'vacationForward'
>         EQUALITY caseIgnoreIA5Match
>         SUBSTR caseIgnoreIA5SubstringsMatch
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
>         DESC 'Where to forward mails to, while on vacation' )
> #
> # Objects start here
> #
> objectclass ( 1.3.6.1.4.1.39116.1.2.10 NAME 'vacation'
>         SUP top AUXILIARY
>         DESC 'Users vacation status information'
>         MUST vacationActive
>         MAY ( vacationInfo $ vacationStart $ vacationEnd $ vacationForward ) )
>
> I imported a user with the object class vacation and the attributes
> vacationActive, vacationInfo ... into my ldap database.
> There the import looks fine.
> The user has got the privileges to modify the vacation attributes.
> But when I try to modify the entries via vacation-plugin on roundcube,
> the above errors occur.
> Can anybody give me some advice, please?

You need to add the vacation objectClass to your entries first, apparently. 
If you look at the logged operation, the utility you are using does not try 
to *add* anything.  Just *MOD* what it feels should be an existing 
attribute.  Obviously if the tool was well written, it would check to see 
if the entry actually had the vacation objectClass first, and then add it 
if it was missing, along with the required attributes.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
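
What Quanah describes a well-written tool doing, as an added example (not code from the thread or from the roundcube plugin): read the entry, and if the vacation objectClass is missing, add it together with its MUST attribute vacationActive in one modify request. The function names and the sample entry are constructed for illustration; the returned text is LDIF that ldapmodify accepts.

```python
import base64

# Names from the schema quoted in the thread: AUXILIARY class 'vacation', MUST vacationActive.
VACATION_CLASS = "vacation"
REQUIRED_ATTR = "vacationActive"

# Constructed sample entry (not from the thread), as `ldapsearch -LLL` would print it.
SAMPLE_ENTRY = """dn: uid=jdoe,ou=people,
 dc=example,dc=org
objectClass: inetOrgPerson
cn: J Doe
sn: Doe
"""

def parse_entry(ldif_text):
    """Parse one LDIF entry into (dn, {lowercased attribute name: [values]})."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold an LDIF continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    if dn is None:
        raise ValueError("entry has no dn: line")
    return dn, attrs

def vacation_change(ldif_text, active):
    """Build the LDIF modify record that sets vacationActive on this entry."""
    dn, attrs = parse_entry(ldif_text)
    out = ["dn: " + dn, "changetype: modify"]   # assumes an ASCII DN
    if VACATION_CLASS not in (v.lower() for v in attrs.get("objectclass", [])):
        # The class and its MUST attribute go into ONE modify request: slapd checks
        # the schema on the resulting entry, so neither change passes on its own.
        out += ["add: objectClass", "objectClass: " + VACATION_CLASS, "-"]
    # replace creates the attribute if absent and overwrites the single value if present
    out += ["replace: " + REQUIRED_ATTR,
            REQUIRED_ATTR + ": " + ("TRUE" if active else "FALSE"), "-"]
    return "\n".join(out) + "\n"
```

The result of `vacation_change(SAMPLE_ENTRY, True)` can be piped to `ldapmodify` bound as an identity that has write access to the entry.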