LDAP schema problems
Erik Nørgaard
norgaard at locolomo.org
Mon Apr 24 19:22:38 UTC 2006
Joerg Pulz wrote:
> On Mon, 24 Apr 2006, Erik Norgaard wrote:
>
>> b) In their infinite wisdom, those who defined the person and derivative
>> object classes did not add country to the list of possible attributes.
>> Adding this object class to the otherwise working entry:
>>
>> dn: cn=First Lastname, ou=people, dc=domain, dc=tld
>> objectClass: top
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: country
>> cn: First Lastname
>> sn: Lastname
>> l: somewhere
>> c: XX
>>
>> I again get the error:
>>
>> ldap_add: Internal (implementation specific) error (80)
>> additional info: no structuralObjectClass operational attribute
>>
>> I'd prefer not to go through the pain of defining my own schema from
>> scratch, obtain OID etc just for adding such a basic attribute, what is
>> the recommended "patch"?
>
> Erik,
>
> please try this:
>
> dn: cn=First Lastname, ou=people, dc=domain, dc=tld
> objectClass: top
> objectClass: person
> objectClass: inetOrgPerson
> cn: First Lastname
> givenName: First
> sn: Lastname
> postalAddress: some_address
> postalCode: 12345
> street: some_street
> st: some_state
> telephoneNumber: 01232234
> mobile: 0042750
> facsimileTelephoneNumber: 12470512
> pager: 38979
> homePhone: 07520326
> homePostalAddress: some_address
> mail: mail at domain.tld
> Do you need more?
I was following this example from O'Reilly:
http://www.onlamp.com/pub/a/onlamp/2003/03/27/ldap_ab.html
I checked again inetOrgPerson inherits from organizationalPerson which
inherits from person, so you can leave out the person object class. Now
I also understand the conflict mentioned in my first question. Of course
one can't mix both organizationalPerson and residentialPerson.
But question b) remains, I still like to add "country". As I understand
state, "st", applies in countries like US and Germany and should not be
used for country. friendlyCountry doesn't work because it inherit country.
It seems that to solve this I would have to define a schema with an
"auxCountry" object class which is auxiliary rather than structural and
just contains the attribute country. That would require applying of an
OID branch etc...
But maybe there is another schema I am unaware of? is there a schema
repository? What do multinational organizations do?
Thanks, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F0C.crt
Subject ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
Fingerprint: 7F:80:96:EA:95:92:E2:23:1F:FA:0F:98:92:C2:CC:55:6B:9A:8C:92
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4128 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060424/c35744fc/smime.bin
More information about the freebsd-questions
mailing list