[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple structural schemas not allowed (major differences between openldap 2.0.23 and 2.1.30)



> I was previously using openldap2-2.0.23-6.3 on my woody box, and
> everything was working fine, but after installing OpenLDAP 2.1.30 onto
> sarge (testing), I received a few errors from evolutionperson.schema,
> such as:
> (65) invalid structural object class chain (evolutionPerson/officePerson)
 
Correct.

> this was for an entry that contained the following:
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: evolutionPerson
> objectClass: officePerson

Right, thats illegal.

> After removing at least one of evolutionPerson or officePerson (and
> the related attributes), the import worked fine.  So it seems as
> though it's not possible to have more than one structural object class
> which refers to the same superior objectclass (or at least that's what
> I've been able to discern from the mailing list messages, such as
> found here:
http://www.openldap.org/lists/openldap-software/200302/msg00835.html),
> even though it worked fine with openldap2-2.0.23-6.3.

Right,  add...
objectclass ( 1.3.6.1.4.1.6921.1.12
    NAME 'mHybridPerson'
      DESC 'Combine several objectclasses to support multiple MUAs'
    SUP ( inetOrgPerson $ officePerson $ evolutionPerson )     STRUCTURAL )
... to your schema and make the object a inetOrgPerson, officePerson,
evolutionPerson, and mHybridPerson.  Then it works.  You have to seal the
broken objectclass chain.

I assume that this problem is a result of OpenLDAP 2.1.30 being more
> strict with adherence to standards than openldap2-2.0.23-6.3 was?
 
Yep.

> On a related note, I used to use the excellent phpldapadmin web
> interface for manipulating my ldap database, although now when
> attempting to add a new object class to an entry, I don't even see
> options for the evolutionPerson.schema or for officePerson.schema.  I
> tracked this down to a block of code in phpldapadmin which has the
> comment: "// exclude any structural ones, as they'll only generate an
> LDAP_OBJECT_CLASS_VIOLATION".  I can circumvent the check that
> disables showing the evolutionPerson or officePerson schema, but of
> course it's useless, since I then receive the afformentioned class
> violation.

Yep.  You can't modify the structural objectclass chain of an existing object. 
Admittedly it is a real PITA.

> While I can probably live without the ability to add _both_ the
> officeperson and evolutionperson schemas to an entry, I really need to
> be able to add at least one of them.  So if anyone can give me some
> advice or hints on how I can achieve this (preferably through using
> phpldapadmin), I would greatly appreciate it.  I've considered moving
> back to openldap2-2.0.23-6.3, since as I mentioned, I had no problems
> with it, but ideally I'd like to figure out how to get everything
> working with the more current version.

You have to drop and add an object to alter its structural objectclass chain. 
This is intended and correct behaviour.