[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: multiple structural schemas not allowed (major differences between openldap 2.0.23 and 2.1.30)
> I was previously using openldap2-2.0.23-6.3 on my woody box, and
> everything was working fine, but after installing OpenLDAP 2.1.30 onto
> sarge (testing), I received a few errors from evolutionperson.schema,
> such as:
> (65) invalid structural object class chain (evolutionPerson/officePerson)
Correct.
> this was for an entry that contained the following:
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: evolutionPerson
> objectClass: officePerson
Right, thats illegal.
> After removing at least one of evolutionPerson or officePerson (and
> the related attributes), the import worked fine. So it seems as
> though it's not possible to have more than one structural object class
> which refers to the same superior objectclass (or at least that's what
> I've been able to discern from the mailing list messages, such as
> found here:
http://www.openldap.org/lists/openldap-software/200302/msg00835.html),
> even though it worked fine with openldap2-2.0.23-6.3.
Right, add...
objectclass ( 1.3.6.1.4.1.6921.1.12
NAME 'mHybridPerson'
DESC 'Combine several objectclasses to support multiple MUAs'
SUP ( inetOrgPerson $ officePerson $ evolutionPerson ) STRUCTURAL )
... to your schema and make the object a inetOrgPerson, officePerson,
evolutionPerson, and mHybridPerson. Then it works. You have to seal the
broken objectclass chain.
I assume that this problem is a result of OpenLDAP 2.1.30 being more
> strict with adherence to standards than openldap2-2.0.23-6.3 was?
Yep.
> On a related note, I used to use the excellent phpldapadmin web
> interface for manipulating my ldap database, although now when
> attempting to add a new object class to an entry, I don't even see
> options for the evolutionPerson.schema or for officePerson.schema. I
> tracked this down to a block of code in phpldapadmin which has the
> comment: "// exclude any structural ones, as they'll only generate an
> LDAP_OBJECT_CLASS_VIOLATION". I can circumvent the check that
> disables showing the evolutionPerson or officePerson schema, but of
> course it's useless, since I then receive the afformentioned class
> violation.
Yep. You can't modify the structural objectclass chain of an existing object.
Admittedly it is a real PITA.
> While I can probably live without the ability to add _both_ the
> officeperson and evolutionperson schemas to an entry, I really need to
> be able to add at least one of them. So if anyone can give me some
> advice or hints on how I can achieve this (preferably through using
> phpldapadmin), I would greatly appreciate it. I've considered moving
> back to openldap2-2.0.23-6.3, since as I mentioned, I had no problems
> with it, but ideally I'd like to figure out how to get everything
> working with the more current version.
You have to drop and add an object to alter its structural objectclass chain.
This is intended and correct behaviour.