5:29 a.m.
Hi everyone. I believe this is the correct mailing list to post my question.
If not, please point me to the correct one.
I'm using Novell's JLDAP Java library (available from
http://www.openldap.org/jldap/) to talk to my OpenLDAP server from an
application developed in-house. It's been a pretty straightforward ride: I
can list users, change attributes, etc. There is, however, one thing I
haven't yet been able to implement - create a new user that inherits the
objectClass "posixAccount". According to Novell's code samples, to create
such an entry, one would do:
LDAPEntry entry = new LDAPEntry(cn);
LDAPAttributeSet attrSet = new LDAPAttributeSet();
// Object class descriptions
attrSet.add(new LDAPAttribute("objectclass", new
String("inetOrgPerson")));
// add the other attributes until all required inetOrgPerson
attributes are set
...
// add the LDAPAttributeSet
connection.add(new LDAPEntry(entry.getDN(), attrSet));
This snippet works only if the objectClass being added is an
"inetOrgPerson". Trying to add an additional objectClass called
"posixAccount" and its attributes ("gidNumber",
"description", "gecos",
"loginShell" and "userPassword") results in the following error:
LDAPException: Object Class Violation (65) Object Class Violation
LDAPException: Server Message: attribute 'uidNumber' not allowed
Upon further testing, I concluded the posixAccount objectClass is never
added, thus its attributes are in fact, not allowed.
How should I proceed to correctly add the objectClass posixAccount?
2:10 p.m.
Hi Nuno,
I have never used JLDAP but i guess you may have to write something like
this:
attrSet.add(new LDAPAttribute("objectclass", {"inetOrgPerson","
posixAccount"});
Also, have you tried with a ldif file or check your slapd config?
Regards
Xavier
2008/11/3 Nuno <nunogt(a)gmail.com>
Hi everyone. I believe this is the correct mailing list to post my
question. If not, please point me to the correct one.
I'm using Novell's JLDAP Java library (available from
http://www.openldap.org/jldap/) to talk to my OpenLDAP server from an
application developed in-house. It's been a pretty straightforward ride: I
can list users, change attributes, etc. There is, however, one thing I
haven't yet been able to implement - create a new user that inherits the
objectClass "posixAccount". According to Novell's code samples, to create
such an entry, one would do:
LDAPEntry entry = new LDAPEntry(cn);
LDAPAttributeSet attrSet = new LDAPAttributeSet();
// Object class descriptions
attrSet.add(new LDAPAttribute("objectclass", new
String("inetOrgPerson")));
// add the other attributes until all required inetOrgPerson
attributes are set
...
// add the LDAPAttributeSet
connection.add(new LDAPEntry(entry.getDN(), attrSet));
This snippet works only if the objectClass being added is an
"inetOrgPerson". Trying to add an additional objectClass called
"posixAccount" and its attributes ("gidNumber",
"description", "gecos",
"loginShell" and "userPassword") results in the following error:
LDAPException: Object Class Violation (65) Object Class Violation
LDAPException: Server Message: attribute 'uidNumber' not allowed
Upon further testing, I concluded the posixAccount objectClass is never
added, thus its attributes are in fact, not allowed.
How should I proceed to correctly add the objectClass posixAccount?
2:53 a.m.
On Mon, Nov 3, 2008 at 11:29 PM, Nuno <nunogt(a)gmail.com> wrote:
I'm using Novell's JLDAP Java library (available from
http://www.openldap.org/jldap/) to talk to my OpenLDAP server from an
application developed in-house. It's been a pretty straightforward ride: I
can list users, change attributes, etc. There is, however, one thing I
haven't yet been able to implement - create a new user that inherits the
objectClass "posixAccount". According to Novell's code samples, to create
such an entry, one would do:
LDAPEntry entry = new LDAPEntry(cn);
LDAPAttributeSet attrSet = new LDAPAttributeSet();
// Object class descriptions
attrSet.add(new LDAPAttribute("objectclass", new
String("inetOrgPerson")));
you have not added the posixAccount objectclass (or the object that defines
the attributes it complains about), like :
// Object class descriptions
attrSet.add(new LDAPAttribute("objectclass", new
String("posixAccount")));
attrSet.add(new LDAPAttribute("objectclass", new
String("inetOrgPerson")));
Each objectclass value you add expands the set of allowable attributes that
you may (in some cases, must) use, by the number of attributes defined by
that object.
If you dont include the required objecttype(s), you cannot use the
attributes they define, which is what the error is about.
eg: posixAccount allows gidNumber, uidNumber, etc.,
inetOrgPerson allows userPassword, descrption etc.,
Cheers
Brett
7:06 a.m.
Thanks for the suggestions, Xavier and Brett. I was able to create the
required objectClasses (posixAccount and inetOrgPerson) by specifying an
array of Strings in the objectClass LDAPAttribute, as per Xavier's
suggestion:
attrSet.add(new LDAPAttribute("objectclass", {"inetOrgPerson","
posixAccount"});
I tried a solution similar to Brett's suggestion before posting here, and it
doesn't work. It seems the attributes must be created simultaneously.
Thanks again.
5502
days inactive
5504
days old
openldap-software@openldap.org
3 comments
3 participants
participants (3)
-
Brett @Google -
Nuno -
Xavier Renard