Re: Invalid structural object class chain

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Tibbetts, Ric writes:
> The situation, if I'm adding new users, and use the following combination:
> 
> {printf "objectClass: top\n"} \
> {printf "objectClass: person\n"} \
> {printf "objectClass: account\n"} \
> {printf "objectClass: organizationalPerson\n"} \
> {printf "objectClass: inetOrgPerson\n"} \
> {printf "objectClass: posixAccount\n"} \
> .
> ldap_add: Object class violation (65)
>          additional info: invalid structural object class chain 
> (person/account)

Yes.  You have a structural object class _tree_ which ends in both
account and in inetOrgPerson.  It may only end in one object class.

> Of course, if I move "account" around, the invalid chain changes
> accordingly. If I remove "account", the problem goes away. But I'd
> like to keep it in.

In that case you must add a structural object class which is a subclass
of both inetOrgPerson and account.  E.g.

objectclass ( <oid> NAME 'personalAccount'
	SUP ( inetOrgPerson $ account ) STRUCTURAL )

The other alternative is to remove account after all, and instead add
another object class which contains the attributes you want from
account.

BTW, I don't think you need to list subclasses of classes you add.
I believe they are added automatically.  That is, you only need
{printf "objectClass: personalAccount\n"} \
{printf "objectClass: posixAccount\n"} \

-- 
Hallvard