Re: multiple structural schemas not allowed (major differences between openldap 2.0.23 and 2.1.30)

["Kirk A. Turner-Rustin" <ktrustin@owu.edu>]

On Mon, 7 Mar 2005, Mike Garey wrote:

[cut]
> Although I'd like to find out if there's a better fix for the above
> problem (such as an updated evolutionPerson.schema which I'm not aware
> of), it's not my main concern.  The main problem I'm having is that
> when I attempted to import my old ldif file, I received the following
> error:
>
> (65) invalid structural object class chain (evolutionPerson/officePerson)
>
> this was for an entry that contained the following:
>
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: evolutionPerson
> objectClass: officePerson
> postalCode: H0H0H0
> cn: User Name
> creatorsName: cn=Manager,dc=domain,dc=com
> createTimestamp: 20041208002030Z
> birthDate: 02/24/1978           //birthdate is from evolutionPerson.schema
> comment: test comment      //comment is from officePerson.schema
>
> After removing at least one of evolutionPerson or officePerson (and
> the related attributes), the import worked fine.  So it seems as
> though it's not possible to have more than one structural object class
> which refers to the same superior objectclass (or at least that's what
> I've been able to discern from the mailing list messages, such as
> found here: http://www.openldap.org/lists/openldap-software/200302/msg00835.html),
> even though it worked fine with openldap2-2.0.23-6.3.
>
> I assume that this problem is a result of OpenLDAP 2.1.30 being more
> strict with adherence to standards than openldap2-2.0.23-6.3 was?

Yes.

> On a related note, I used to use the excellent phpldapadmin web
> interface for manipulating my ldap database, although now when
> attempting to add a new object class to an entry, I don't even see
> options for the evolutionPerson.schema or for officePerson.schema.  I
> tracked this down to a block of code in phpldapadmin which has the
> comment: "// exclude any structural ones, as they'll only generate an
> LDAP_OBJECT_CLASS_VIOLATION".  I can circumvent the check that
> disables showing the evolutionPerson or officePerson schema, but of
> course it's useless, since I then receive the afformentioned class
> violation.
>
> While I can probably live without the ability to add _both_ the
> officeperson and evolutionperson schemas to an entry, I really need to
> be able to add at least one of them.  So if anyone can give me some
> advice or hints on how I can achieve this (preferably through using
> phpldapadmin), I would greatly appreciate it.  I've considered moving
> back to openldap2-2.0.23-6.3, since as I mentioned, I had no problems
> with it, but ideally I'd like to figure out how to get everything
> working with the more current version.

The proper way to combine the attributes of two structural
objectclasses into a single entry is to extend an existing schema
or create a new schema by defining your own objectclass.  If you'd
like to do this, have a look at this section of the OpenLDAP
Administrator's Guide:

http://www.openldap.org/doc/admin22/schema.html#Extending%20Schema

If you seek more information regarding the "invalid structural
object class chain" error, have a look at these FAQ entries:

http://www.openldap.org/faq/data/cache/883.html
http://www.openldap.org/faq/data/cache/807.html

--
  Kirk Turner-Rustin       | Programmer/Analyst
  Ohio Wesleyan University | Libraries and Information Services
  http://www.owu.edu       | http://lis.owu.edu