Hi everyone. I believe this is the correct mailing list to post my question. If not, please point me to the correct one.
I'm using Novell's JLDAP Java library (available from http://www.openldap.org/jldap/) to talk to my OpenLDAP server from an application developed in-house. It's been a pretty straightforward ride: I can list users, change attributes, etc. There is, however, one thing I haven't yet been able to implement - create a new user that inherits the objectClass "posixAccount". According to Novell's code samples, to create such an entry, one would do:
LDAPEntry entry = new LDAPEntry(cn); LDAPAttributeSet attrSet = new LDAPAttributeSet(); // Object class descriptions attrSet.add(new LDAPAttribute("objectclass", new String("inetOrgPerson"))); // add the other attributes until all required inetOrgPerson attributes are set ... // add the LDAPAttributeSet connection.add(new LDAPEntry(entry.getDN(), attrSet));
This snippet works only if the objectClass being added is an "inetOrgPerson". Trying to add an additional objectClass called "posixAccount" and its attributes ("gidNumber", "description", "gecos", "loginShell" and "userPassword") results in the following error:
LDAPException: Object Class Violation (65) Object Class Violation LDAPException: Server Message: attribute 'uidNumber' not allowed
Upon further testing, I concluded the posixAccount objectClass is never added, thus its attributes are in fact, not allowed.
How should I proceed to correctly add the objectClass posixAccount?
Hi Nuno,
I have never used JLDAP but i guess you may have to write something like this: attrSet.add(new LDAPAttribute("objectclass", {"inetOrgPerson"," posixAccount"});
Also, have you tried with a ldif file or check your slapd config?
Regards
Xavier
2008/11/3 Nuno nunogt@gmail.com
Hi everyone. I believe this is the correct mailing list to post my question. If not, please point me to the correct one.
I'm using Novell's JLDAP Java library (available from http://www.openldap.org/jldap/) to talk to my OpenLDAP server from an application developed in-house. It's been a pretty straightforward ride: I can list users, change attributes, etc. There is, however, one thing I haven't yet been able to implement - create a new user that inherits the objectClass "posixAccount". According to Novell's code samples, to create such an entry, one would do:
LDAPEntry entry = new LDAPEntry(cn); LDAPAttributeSet attrSet = new LDAPAttributeSet(); // Object class descriptions attrSet.add(new LDAPAttribute("objectclass", newString("inetOrgPerson"))); // add the other attributes until all required inetOrgPerson attributes are set ... // add the LDAPAttributeSet connection.add(new LDAPEntry(entry.getDN(), attrSet));
This snippet works only if the objectClass being added is an "inetOrgPerson". Trying to add an additional objectClass called "posixAccount" and its attributes ("gidNumber", "description", "gecos", "loginShell" and "userPassword") results in the following error:
LDAPException: Object Class Violation (65) Object Class Violation LDAPException: Server Message: attribute 'uidNumber' not allowed
Upon further testing, I concluded the posixAccount objectClass is never added, thus its attributes are in fact, not allowed.
How should I proceed to correctly add the objectClass posixAccount?
On Mon, Nov 3, 2008 at 11:29 PM, Nuno nunogt@gmail.com wrote:
I'm using Novell's JLDAP Java library (available from http://www.openldap.org/jldap/) to talk to my OpenLDAP server from an application developed in-house. It's been a pretty straightforward ride: I can list users, change attributes, etc. There is, however, one thing I haven't yet been able to implement - create a new user that inherits the objectClass "posixAccount". According to Novell's code samples, to create such an entry, one would do:
LDAPEntry entry = new LDAPEntry(cn); LDAPAttributeSet attrSet = new LDAPAttributeSet(); // Object class descriptions attrSet.add(new LDAPAttribute("objectclass", newString("inetOrgPerson")));
you have not added the posixAccount objectclass (or the object that defines the attributes it complains about), like :
// Object class descriptions attrSet.add(new LDAPAttribute("objectclass", new String("posixAccount"))); attrSet.add(new LDAPAttribute("objectclass", new String("inetOrgPerson")));
Each objectclass value you add expands the set of allowable attributes that you may (in some cases, must) use, by the number of attributes defined by that object.
If you dont include the required objecttype(s), you cannot use the attributes they define, which is what the error is about.
eg: posixAccount allows gidNumber, uidNumber, etc., inetOrgPerson allows userPassword, descrption etc.,
Cheers Brett
Thanks for the suggestions, Xavier and Brett. I was able to create the required objectClasses (posixAccount and inetOrgPerson) by specifying an array of Strings in the objectClass LDAPAttribute, as per Xavier's suggestion:
attrSet.add(new LDAPAttribute("objectclass", {"inetOrgPerson"," posixAccount"});
I tried a solution similar to Brett's suggestion before posting here, and it doesn't work. It seems the attributes must be created simultaneously.
Thanks again.
openldap-software@openldap.org
-
Brett @Google -
Nuno -
Xavier Renard