
List:       ldap
Subject:    [ldap] Re: attribute 'cn' not allowed
From:       Jeff Clowser <jclowser () unitedmessaging ! com>
Date:       2005-11-11 18:25:59
Message-ID: 4374E237.9000308 () unitedmessaging ! com

ALL attributes are dependent on the objectclass - other than dn (which 
is not really an attribute itself) and objectclass (which is always 
required), the values of objectclass are the sole definition of what 
other attributes can be in an entry.  The RDN is basically whatever 
attribute you choose to use to name/id it in the DN, but must be one of 
the attributes allowed for in the objectclass defs - i.e. CN is nothing 
special wrt the DN, nor is it required to be the rdn of an entry.

In order to use cn, you must include an objectclass that allows cn.  
Neither top nor organizationalunit allow for a cn attribute.  FWIW, the 
RDN of an organizationalunit entry is typically ou, not cn - your entry 
should probably look something more like:

dn: ou=10010,dc=ebit,dc=ca
objectClass: organizationalUnit
objectClass: top
ou: 10010
...

Or maybe:
dn: ou=uidPool,dc=ebit,dc=ca
objectClass: organizationalUnit
objectClass: top
ou: uidPool
...

My guess is that the server it was exported from allowed this because 
schema checking was off, and you are trying to import it into a server 
that has schema checking on.

 - Jeff

Jason Lixfeld wrote:

> This message was off-topic on openldap-software and they suggested I  
> submit this question here instead:
> 
> Trying to re-insert an object into the directory using slapadd -c -l  
> foo.ldif.  This ldif was generated via slapcat -l foo.ldif.
> 
> When I try to re-add the object, I get:
> 
> slapadd: dn="cn=uidPool,dc=ebit,dc=ca" (line=319): (65) attribute  
> 'cn' not allowed
> 
> The object is below.
> 
> dn: cn=uidPool,dc=ebit,dc=ca
> objectClass: organizationalUnit
> objectClass: top
> cn: uidPool
> entryUUID: eae956da-b251-1028-9b7e-f0d7ce1991b0
> creatorsName: cn=Manager,dc=ebit,dc=ca
> createTimestamp: 20041014172624Z
> ou: 10010
> entryCSN: 20041014172903Z#000001#00#000000
> modifiersName: cn=Manager,dc=ebit,dc=ca
> modifyTimestamp: 20041014172903Z
> 
> I don't understand why CN isn't allowed.  From what I have read, I  
> can't seem to find any documentation suggesting that cn is dependent  
> on any specific objectClass, rather it's requisite to a DN.
> 
> This object was initially created on OpenLDAP 2.2.15 and was re-added  
> using the above command on a few occasions without issue.  Suddenly  
> in OpenLDAP 2.2.29 this isn't the case.  I checked the release notes  
> and the CVS diffs between 2.2.15 and 2.2.29 to see if I could get  
> some indication of what changed, if anything but I'm not having much  
> luck.
> 
> Any ideas?
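
The check described in the reply, as an added Python example (not part of the original message and not OpenLDAP's code): the attributes an entry may hold are the union of MUST and MAY over its objectClass values. The schema table is a hand-transcribed subset of RFC 4512 and RFC 4519 with an abbreviated MAY list, and `SCHEMA`, `OPERATIONAL`, `parse_entry` and `schema_violations` are names chosen here.

```python
# Added example: objectClass-driven attribute check (not OpenLDAP's own code).
# Schema subset transcribed from RFC 4512 (top) and RFC 4519 (organizationalUnit).
SCHEMA = {
    "top": {"must": {"objectclass"}, "may": set()},
    "organizationalunit": {"must": {"ou"}, "may": {  # MAY list abbreviated
        "userpassword", "seealso", "businesscategory", "telephonenumber",
        "street", "postalcode", "postaladdress", "st", "l", "description"}},
}
# Server-maintained operational attributes are outside the objectClass rules.
OPERATIONAL = {"entryuuid", "creatorsname", "createtimestamp", "entrycsn",
               "modifiersname", "modifytimestamp"}

def parse_entry(ldif):
    """Parse one plain LDIF entry (no line folding or base64 values)."""
    attrs = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs.pop("dn")[0], attrs

def schema_violations(ldif):
    """Return the reasons a schema-checking server would reject the entry."""
    dn, attrs = parse_entry(ldif)
    must, may, errors = set(), set(), []
    for oc in attrs.get("objectclass", []):
        rule = SCHEMA.get(oc.lower())
        if rule is None:
            errors.append(f"objectClass '{oc}' not in schema subset")
            continue
        must |= rule["must"]
        may |= rule["may"]
    for attr in sorted(set(attrs) - OPERATIONAL - must - may):
        errors.append(f"attribute '{attr}' not allowed")
    for attr in sorted(must - set(attrs)):
        errors.append(f"required attribute '{attr}' missing")
    # The RDN value must be stored in the entry (single unescaped RDN, exact match).
    rdn_attr, _, rdn_val = dn.split(",")[0].partition("=")
    if rdn_val not in attrs.get(rdn_attr.lower(), []):
        errors.append(f"naming attribute '{rdn_attr}' value not in entry")
    return errors

# Constructed from the entry in the question (operational attributes trimmed to one).
REJECTED = """dn: cn=uidPool,dc=ebit,dc=ca
objectClass: organizationalUnit
objectClass: top
cn: uidPool
entryUUID: eae956da-b251-1028-9b7e-f0d7ce1991b0
ou: 10010"""
if __name__ == "__main__":
    print(schema_violations(REJECTED))
```

Renaming only the DN to `ou=uidPool` while leaving `ou: 10010` in the entry trips the naming check, which is why both corrected forms in the reply keep the `ou` value equal to the RDN value.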

