As it turns out the problem was with the objectClasses.
I should have used :

    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: extensibleObject

Instead of

    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson

Adding the extra attributes to the objectClass resolved this problem. Thanks for all your help.
Regards Alex
On 21 Feb 2008, at 11:56, Alexander Hartner wrote:
I am trying to import a simple LDIF file into OpenDirectory on OS X 10.5.2 Leopard Server.
However when I issue the following ldapadd command I get an error :
ldapadd -D [rootdn] -x -w [secretPassword] -f Import.ldif
Error : 65 Object class violation" attribute 'apple-generateduid' not allowed
I would have thought that I had specified apple-generateduid, but I didn't.
This is my import file

-----------BEGIN-----------
# Alexander Hartner
dn: cn=Alexander Hartner2,cn=people,dc=macbook-znet,dc=local
objectClass: top
objectClass: person
objectClass: inetOrgPerson
displayName: Alexander Hartner2
cn: Alexander Hartner2
givenName: Alexander
sn: Hartner
mail: alex@j2anywhere.com
initials: A
o: j2anywhere.com
-----------END-----------
I know this might not be the best forum for OS X support, but I am a bit stuck on this. Thanks in advance. Alex
Alexander Hartner wrote:
On 21 Feb 2008, at 11:56, Alexander Hartner wrote:
I am trying to import a simple LDIF file into OpenDirectory on OS X 10.5.2 Leopard Server.
However when I issue the following ldapadd command I get an error :
ldapadd -D [rootdn] -x -w [secretPassword] -f Import.ldif
Error : 65 Object class violation" attribute 'apple-generateduid' not allowed
As it turns out the problem was with the objectClasses.
Yes.
I should have used :
* objectClass: top
* objectClass: person
* objectClass: organizationalPerson
* objectClass: inetOrgPerson
* objectClass: extensibleObject
No!
Adding extensibleObject almost disables schema checking for that entry. This is only appropriate in very special cases but in general is bad practice. E.g. a schema-aware client does not have any chance to display an appropriate input form based on schema information. And likely Apple LDAP clients will search for entries of a particular object class and might ignore your entries.
You should rather search for the right schema file and import that. A quick search turned up:
http://mattfleming.com/files/active/0/apple.schema
So the right solution is to add object class 'apple-user'.
Ciao, Michael.
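An added illustration of the point made in the reply above (not code from the thread or from OpenLDAP): a small LDIF checker over an abridged, constructed schema table, showing that extensibleObject lets even a misspelled attribute through while an auxiliary class admits only what it lists. The apple-user row, the sample entry and the `mial` typo are assumptions made for the example.

```python
import base64

# Abridged, constructed schema subset as (MUST, MAY), names lower-cased.
# person/inetOrgPerson follow RFC 4519 / RFC 2798; the apple-user row is an
# assumption carrying only the attribute named in the thread's error message.
SCHEMA = {
    "top": (set(), set()),
    "person": ({"sn", "cn"}, {"userpassword", "telephonenumber", "description"}),
    "organizationalperson": (set(), {"title", "ou", "st", "l"}),
    "inetorgperson": (set(), {"displayname", "givenname", "mail", "initials", "o"}),
    "apple-user": (set(), {"apple-generateduid"}),
}

def parse_ldif(text):
    """Parse LDIF into {attr: [values]} dicts (comments, folding, base64)."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
        elif lines:                             # blank line closes the entry
            entry = {}
            for line in (l for l in lines if not l.startswith("#")):
                name, _, value = line.partition(":")
                if value.startswith(":"):       # "attr:: <base64>"
                    value = base64.b64decode(value[1:]).decode("utf-8", "replace")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
            if entry:
                entries.append(entry)
            lines = []
    return entries

def check_entry(entry):
    """Report attributes no declared object class allows, and missing MUSTs."""
    classes = [c.lower() for c in entry.get("objectclass", [])]
    must, may = {"objectclass"}, set()
    for c in classes:
        c_must, c_may = SCHEMA.get(c, (set(), set()))
        must |= c_must
        may |= c_may
    extensible = "extensibleobject" in classes  # any attribute is then accepted
    present = set(entry) - {"dn"}
    return {"extensible": extensible, "missing": sorted(must - present),
            "not_allowed": [] if extensible else sorted(present - must - may)}

# Constructed sample entry; "mial" is a deliberate typo for "mail".
BASE = ("dn: cn=Test User,cn=people,dc=example,dc=com\ncn: Test User\nsn: User\n"
        "mial: test@example.com\napple-generateduid: 00000000-0000-0000-0000-000000000000\n")

def variant(*classes):
    return check_entry(parse_ldif(BASE + "".join(f"objectClass: {c}\n" for c in classes))[0])
```

Running `variant` with and without extensibleObject on an exported LDIF-style entry shows which attributes would have been rejected had the class not been present.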
Michael Ströder wrote:
You should rather search for the right schema file and import that. A quick search turned up:
This file needs some tweaking. First hints can be found here:
http://geekforce.com/2004/09/15/ldap-for-authentication-on-mac-os-x/
More things to do though to successfully import the file above.
Ciao, Michael.