I'd like to be able to create "sub-objects" inside each user object. So, my account is:
uid=tjg,ou=People,dc=soe,dc=ucsc,dc=edu
I'd like to be able to create an object like:
cn=foo,uid=tjg,ou=People,dc=soe,dc=ucsc,dc=edu
This object would be of objectClass "soeDegree", which I've defined as follows:
attributetype ( 1.1.2.1.32 NAME 'soeDegreeYear' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.33 NAME 'soeDegreeType' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.34 NAME 'soeDegreeDepartment' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.35 NAME 'soeDegreeThesisTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.1.2.1.36 NAME 'soeDegreeThesisURL' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.1.2.1.997 NAME 'soeDegree' DESC 'Jack Baskin School of Engineering Degree' SUP top STRUCTURAL MUST ( cn ) MAY ( soeDegreeYear $ soeDegreeType $ soeDegreeDepartment $ soeDegreeThesisTitle $ soeDegreeThesisURL ))
However, when I attempt to add the sub-object, the server returns:
0x35 (LDAP_UNWILLING_TO_PERFORM)
How can I tell OpenLDAP to allow me to create child objects inside accounts like this?
Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354
--On Thursday, September 03, 2009 09:41:22 AM -0700 Tim Gustafson tjg@soe.ucsc.edu wrote:
> I'd like to be able to create "sub-objects" inside each user object. So, my account is:
Every entry in an LDAP directory is a "sub-object" except for the root distinguished name.
> uid=tjg,ou=People,dc=soe,dc=ucsc,dc=edu
> I'd like to be able to create an object like:
> cn=foo,uid=tjg,ou=People,dc=soe,dc=ucsc,dc=edu
> This object would be of objectClass "soeDegree", which I've defined as follows:
> attributetype ( 1.1.2.1.32 NAME 'soeDegreeYear' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
> attributetype ( 1.1.2.1.33 NAME 'soeDegreeType' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
> attributetype ( 1.1.2.1.34 NAME 'soeDegreeDepartment' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
> attributetype ( 1.1.2.1.35 NAME 'soeDegreeThesisTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
> attributetype ( 1.1.2.1.36 NAME 'soeDegreeThesisURL' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
> objectclass ( 1.1.2.1.997 NAME 'soeDegree' DESC 'Jack Baskin School of Engineering Degree' SUP top STRUCTURAL MUST ( cn ) MAY ( soeDegreeYear $ soeDegreeType $ soeDegreeDepartment $ soeDegreeThesisTitle $ soeDegreeThesisURL ))
Pretty funky OIDs you are using in your schema definitions. For example, I would expect something like 1.3.6.1.4.1.n.1.2 for objects where n is your IANA assigned private enterprise number.
> However, when I attempt to add the sub-object, the server returns:
> 0x35 (LDAP_UNWILLING_TO_PERFORM)
> How can I tell OpenLDAP to allow me to create child objects inside accounts like this?
When using ldapadd there frequently is an additional line of information following the "unwilling to perform" message that contains more specific information about the problem. If you have not tried using ldapadd that would be a place to start.
Bill
> When using ldapadd there frequently is an additional line of information following the "unwilling to perform" message that contains more specific information about the problem. If you have not tried using ldapadd that would be a place to start.
Doh! Don't laugh too hard.
I was trying to update my "test" server, which was set up as a syncrepl client, and therefore was in read-only mode.
Once I copied the schema updates to the main server and then attempted to update there, it worked correctly.
Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354
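The read-only condition that resolved this thread can be spotted in the server configuration before a write is attempted. The following is an added example, not code from the thread or from the OpenLDAP project: it assumes a slapd.conf-style configuration, runs on a constructed sample fragment, and uses hypothetical function names. It reports each database that is a syncrepl consumer and whether writes to it will be refused or referred.

```python
# Constructed sample (not from the thread): a syncrepl consumer with no updateref.
SAMPLE_CONF = """\
database bdb
suffix "dc=soe,dc=ucsc,dc=edu"
syncrepl rid=001
  provider=ldap://provider.example.org
  type=refreshAndPersist
  searchbase="dc=soe,dc=ucsc,dc=edu"
"""

def logical_lines(text):
    """Drop comments and blanks; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def database_write_status(text):
    """Return [(suffix, status)] for each 'database' section."""
    dbs = []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        key, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "database":
            dbs.append({"suffix": None, "flags": set()})
        elif dbs and key == "suffix" and dbs[-1]["suffix"] is None:
            dbs[-1]["suffix"] = arg.strip('"')
        elif dbs and key in ("syncrepl", "updateref"):
            dbs[-1]["flags"].add(key)
        elif dbs and key == "mirrormode" and arg.lower() in ("on", "true"):
            dbs[-1]["flags"].add("mirrormode")
    result = []
    for db in dbs:
        flags = db["flags"]
        if "syncrepl" not in flags or "mirrormode" in flags:
            status = "writable"
        elif "updateref" in flags:
            status = "read-only: writes are answered with a referral"
        else:
            status = "read-only: writes fail with 0x35 (LDAP_UNWILLING_TO_PERFORM)"
        result.append((db["suffix"], status))
    return result

print(database_write_status(SAMPLE_CONF))
```

The check covers only per-database `syncrepl`, `updateref` and `mirrormode` directives; a `readonly on` setting or a cn=config deployment needs a separate look.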