2:43 a.m.
Hello.
I have an old server with openldap-server-2.0.27_3 (+ samba schema),
samba-3.0.8,1 as PDC
All information stored at LDAP: domain-computers, domain-users
So, i have a record for computer:
dn: uid=ws01$,ou=People,o=campus,c=ru
uidNumber: 2000
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount
uid: ws01$
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdMustChange: 2147483647
displayName: ws01$
cn: ws01$
description: Computer
rid: 5000
primaryGroupID: 2107
acctFlags: [W ]
creatorsName: cn=Manager,o=campus,c=ru
createTimestamp: 20060324104820Z
pwdCanChange: 1162105007
ntPassword: A49B017193432C718AA03C008C681836
pwdLastSet: 1162105007
modifiersName: cn=Manager,o=campus,c=ru
modifyTimestamp: 20061029065647Z
I am commented lines "creatorsName, createTimestamp, modifiersName,
modifyTimestamp" and obtained ldiff-record to add it to another ldap server.
The problem is that i could not add domain-computers to new server with
openldap-server-2.3.30!
All users were added from old ldap to new, but i have a problem with
computers!
Here is the error
adding new entry "uid=ws01$,ou=People,o=campus,c=ru"
ldap_add: Internal (implementation specific) error (80)
additional info: no structuralObjectClass operational attribute
debug.log (256)
Nov 23 13:40:38 new slapd[765]: conn=0 fd=12 ACCEPT from
IP=127.0.0.1:57407 (IP=127.0.0.1:389)
Nov 23 13:40:38 new slapd[765]: conn=0 op=0 BIND
dn="cn=manager,o=campus,c=ru" method=128
Nov 23 13:40:38 new slapd[765]: conn=0 op=0 BIND
dn="cn=Manager,o=campus,c=ru" mech=SIMPLE ssf=0
Nov 23 13:40:38 new slapd[765]: conn=0 op=0 RESULT tag=97 err=0 text=
Nov 23 13:40:38 new slapd[765]: conn=0 op=1 ADD
dn="uid=ws01$,ou=People,o=campus,c=ru"
Nov 23 13:40:38 new slapd[765]: No structuralObjectClass for entry
(uid=ws01$,ou=People,o=campus,c=ru)
Nov 23 13:40:38 new slapd[765]: conn=0 op=1 RESULT tag=105 err=80
text=no structuralObjectClass operational attribute
Nov 23 13:40:38 new slapd[765]: conn=0 op=2 UNBIND
Nov 23 13:40:38 new slapd[765]: conn=0 fd=12 closed
If i try to add this ldiff record at old openldap, it works fine.
8:02 a.m.
This error indicates an object class violation. Likely none
of the classes listed in the objectClass attribute are structural
or multiple, unrelated, classes are structural in the entry.
Check the schema.
2.0 didn't check for such violations. Later versions do.
Unforunately, some versions (like 2.3) misreport these violation.
Looks like a bug fix needs to be back ported....
As this comes up frequently, I've added an answer to the FAQ
at:
http://www.openldap.org/faq/index.cgi?file=1385
Kurt
8:09 a.m.
On Thursday 23 November 2006 12:43, Roman Yushin wrote:
Hello.
I have an old server with openldap-server-2.0.27_3 (+ samba schema),
samba-3.0.8,1 as PDC
It looks more like 2.2.x (or 3.0.x with the legacy schema).
All information stored at LDAP: domain-computers, domain-users
So, i have a record for computer:
dn: uid=ws01$,ou=People,o=campus,c=ru
uidNumber: 2000
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: posixAccount
objectClass: sambaAccount
uid: ws01$
logonTime: 0
logoffTime: 2147483647
kickoffTime: 2147483647
pwdMustChange: 2147483647
displayName: ws01$
cn: ws01$
description: Computer
rid: 5000
primaryGroupID: 2107
acctFlags: [W ]
creatorsName: cn=Manager,o=campus,c=ru
createTimestamp: 20060324104820Z
pwdCanChange: 1162105007
ntPassword: A49B017193432C718AA03C008C681836
pwdLastSet: 1162105007
modifiersName: cn=Manager,o=campus,c=ru
modifyTimestamp: 20061029065647Z
I am commented lines "creatorsName, createTimestamp, modifiersName,
modifyTimestamp" and obtained ldiff-record to add it to another ldap
server.
The problem is that i could not add domain-computers to new server with
openldap-server-2.3.30!
All users were added from old ldap to new, but i have a problem with
computers!
Here is the error
adding new entry "uid=ws01$,ou=People,o=campus,c=ru"
ldap_add: Internal (implementation specific) error (80)
additional info: no structuralObjectClass operational attribute
2.0.x didn't enforce the requirement for a structuralObjectclass. 2.1 and
later do (you're a bit behind everyone else upgrading).
So, you will need to add a structural objectclass, account may be sufficient,
inetOrgPerson is another option (but will require additional attributes).
Regards,
Buchan
--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
8:17 a.m.
Roman Yushin wrote:
I have an old server with openldap-server-2.0.27_3 (+ samba schema),
This version had very loose schema checking.
objectClass: posixAccount
objectClass: sambaAccount
[..]
adding new entry "uid=ws01$,ou=People,o=campus,c=ru"
ldap_add: Internal (implementation specific) error (80)
additional info: no structuralObjectClass operational attribute
http://www.openldap.org/faq/data/cache/883.html
You should also consider updating your Samba schema which now uses
AUXILIARY object class 'sambaSamAccount'.
Ciao, Michael.
5969
days inactive
5969
days old
openldap-software@openldap.org
3 comments
4 participants
participants (4)
-
Buchan Milne -
Kurt D. Zeilenga -
Michael Ströder -
Roman Yushin