Hello. I have an old server with openldap-server-2.0.27_3 (+ samba schema) and samba-3.0.8,1 as PDC. All information is stored in LDAP: domain-computers, domain-users.
So, I have a record for a computer:
dn: uid=ws01$,ou=People,o=campus,c=ru
uidNumber: 2000
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount
uid: ws01$
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdMustChange: 2147483647
displayName: ws01$
cn: ws01$
description: Computer
rid: 5000
primaryGroupID: 2107
acctFlags: [W ]
creatorsName: cn=Manager,o=campus,c=ru
createTimestamp: 20060324104820Z
pwdCanChange: 1162105007
ntPassword: A49B017193432C718AA03C008C681836
pwdLastSet: 1162105007
modifiersName: cn=Manager,o=campus,c=ru
modifyTimestamp: 20061029065647Z
I commented out the lines "creatorsName, createTimestamp, modifiersName, modifyTimestamp" and obtained an LDIF record to add to another LDAP server.
The problem is that I could not add domain-computers to the new server with openldap-server-2.3.30! All users were added from the old LDAP to the new one, but I have a problem with computers! Here is the error:
adding new entry "uid=ws01$,ou=People,o=campus,c=ru"
ldap_add: Internal (implementation specific) error (80)
        additional info: no structuralObjectClass operational attribute

debug.log (256)
Nov 23 13:40:38 new slapd[765]: conn=0 fd=12 ACCEPT from IP=127.0.0.1:57407 (IP=127.0.0.1:389)
Nov 23 13:40:38 new slapd[765]: conn=0 op=0 BIND dn="cn=manager,o=campus,c=ru" method=128
Nov 23 13:40:38 new slapd[765]: conn=0 op=0 BIND dn="cn=Manager,o=campus,c=ru" mech=SIMPLE ssf=0
Nov 23 13:40:38 new slapd[765]: conn=0 op=0 RESULT tag=97 err=0 text=
Nov 23 13:40:38 new slapd[765]: conn=0 op=1 ADD dn="uid=ws01$,ou=People,o=campus,c=ru"
Nov 23 13:40:38 new slapd[765]: No structuralObjectClass for entry (uid=ws01$,ou=People,o=campus,c=ru)
Nov 23 13:40:38 new slapd[765]: conn=0 op=1 RESULT tag=105 err=80 text=no structuralObjectClass operational attribute
Nov 23 13:40:38 new slapd[765]: conn=0 op=2 UNBIND
Nov 23 13:40:38 new slapd[765]: conn=0 fd=12 closed
If I try to add this LDIF record on the old OpenLDAP, it works fine.
This error indicates an object class violation. Likely none of the classes listed in the objectClass attribute are structural, or multiple unrelated classes are structural in the entry. Check the schema.
2.0 didn't check for such violations. Later versions do. Unfortunately, some versions (like 2.3) misreport these violations. Looks like a bug fix needs to be back ported....
As this comes up frequently, I've added an answer to the FAQ at: http://www.openldap.org/faq/index.cgi?file=1385
Kurt
On Thursday 23 November 2006 12:43, Roman Yushin wrote:
> Hello. I have an old server with openldap-server-2.0.27_3 (+ samba schema), samba-3.0.8,1 as PDC
It looks more like 2.2.x (or 3.0.x with the legacy schema).
> All information is stored in LDAP: domain-computers, domain-users
> So, I have a record for a computer:
> dn: uid=ws01$,ou=People,o=campus,c=ru
> uidNumber: 2000
> gidNumber: 553
> homeDirectory: /dev/null
> loginShell: /bin/false
> objectClass: top
> objectClass: posixAccount
> objectClass: sambaAccount
> uid: ws01$
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdMustChange: 2147483647
> displayName: ws01$
> cn: ws01$
> description: Computer
> rid: 5000
> primaryGroupID: 2107
> acctFlags: [W ]
> creatorsName: cn=Manager,o=campus,c=ru
> createTimestamp: 20060324104820Z
> pwdCanChange: 1162105007
> ntPassword: A49B017193432C718AA03C008C681836
> pwdLastSet: 1162105007
> modifiersName: cn=Manager,o=campus,c=ru
> modifyTimestamp: 20061029065647Z
> I commented out the lines "creatorsName, createTimestamp, modifiersName, modifyTimestamp" and obtained an LDIF record to add to another LDAP server.
> The problem is that I could not add domain-computers to the new server with openldap-server-2.3.30! All users were added from the old LDAP to the new one, but I have a problem with computers! Here is the error:
> adding new entry "uid=ws01$,ou=People,o=campus,c=ru"
> ldap_add: Internal (implementation specific) error (80)
>         additional info: no structuralObjectClass operational attribute
2.0.x didn't enforce the requirement for a structuralObjectclass. 2.1 and later do (you're a bit behind everyone else upgrading).
So, you will need to add a structural objectclass: account may be sufficient; inetOrgPerson is another option (but will require additional attributes).
Regards, Buchan
Roman Yushin wrote:
> I have an old server with openldap-server-2.0.27_3 (+ samba schema),
This version had very loose schema checking.
> objectClass: posixAccount
> objectClass: sambaAccount
> [..]
> adding new entry "uid=ws01$,ou=People,o=campus,c=ru"
> ldap_add: Internal (implementation specific) error (80)
>         additional info: no structuralObjectClass operational attribute
http://www.openldap.org/faq/data/cache/883.html
You should also consider updating your Samba schema which now uses AUXILIARY object class 'sambaSamAccount'.
Ciao, Michael.
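An added example, not part of any message in this thread and not OpenLDAP's own code: a pre-import check that flags LDIF entries with no structural objectClass, or with unrelated structural ones, before they are sent to a slapd that enforces the rule. The schema table is a partial, constructed assumption (sambaAccount's kind is inferred from the error shown above), and the function names and the `ws02$` entry are made up for illustration.

```python
# Pre-import check: one structural chain per LDIF entry. The partial schema
# table and SAMPLE (ws01 abridged from the thread, ws02 made up) are constructed;
# sambaAccount's kind is assumed from the error in the thread.
STRUCTURAL = {"account": None, "person": None, "organizationalperson": "person",
              "inetorgperson": "organizationalperson"}  # class -> superior
NON_STRUCTURAL = {"top", "posixaccount", "sambaaccount", "sambasamaccount"}

def parse_ldif(text):
    """Yield (dn, attrs); unfolds continuation lines, skips '#' comments."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def chain(oc):  # oc followed by its structural superiors
    return [oc] + (chain(STRUCTURAL[oc]) if STRUCTURAL[oc] else [])

def check_entry(attrs):
    """Return None when one structural chain is present, else the reason."""
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    if unknown := sorted(set(classes) - set(STRUCTURAL) - NON_STRUCTURAL):
        return "unknown class: " + ", ".join(unknown)
    structural = [c for c in classes if c in STRUCTURAL]
    if not structural:
        return "no structural objectClass"
    deepest = max(structural, key=lambda c: len(chain(c)))
    extra = [c for c in structural if c not in chain(deepest)]
    return "unrelated structural classes" if extra else None

def audit(text):
    return {dn: check_entry(attrs) for dn, attrs in parse_ldif(text)}

SAMPLE = """\
dn: uid=ws01$,ou=People,o=campus,c=ru
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount

dn: uid=ws02$,ou=People,o=campus,c=ru
objectClass: account
objectClass: posixAccount
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Classes missing from the table are reported as unknown rather than guessed, so the table has to be extended from the target server's schema before a result of None can be trusted.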