Hello,

 

I tried to create a new objectclass and a new attribute to develop scripts to use against an ActiveDirectory.

objectclass=user

attribute=sAMAccountName

 

 

I have a new test.schema:

attributetype ( 1.2.840.113556.1.4.221
        NAME 'sAMAccountName'
        EQUALITY caseIgnoreMatch
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
        SINGLE-VALUE )

objectclass ( 1.2.840.113556.1.5.9
        NAME 'user'
        DESC 'a user'
        SUP inetOrgPerson STRUCTURAL
        MUST ( cn )
        MAY ( sAMAccountName ) )

       

This is included in slapd.conf:

include         ./schema/core.schema
include         ./schema/cosine.schema
include         ./schema/nis.schema
include         ./schema/inetorgperson.schema
include         ./schema/openldap.schema
include         ./schema/pmi.schema
include         ./schema/ppolicy.schema
include         ./schema/dyngroup.schema
include         ./schema/test.schema

 

I tried to modify a dummy user after restarting ldap.

 

modify.ldif:

dn: cn=test test,ou=Benutzer,ou=Netzwerk,dc=network,dc=de
changetype: modify
add: sAMAccountName
sAMAccountName: test

 

 

I used the ldapmodify tool:

ldapmodify -a -x -D "cn=admin,dc=network,dc=de" -w passwd -H ldap:// -f d:\modify.ldif

 

Eintrag cn=test test,ou=Benutzer,ou=Netzwerk,dc=network,dc=de wird geändert
ldap_modify: Objektklassenverletzung
ldap_modify: Zusätzliche Info: attribute 'sAMAccountName' not allowed

 

 

Can someone explain to me where the mistake is?

 

Regards,

Alex