On Fri, Feb 10, 2012, at 03:18 PM, Andy Carlson wrote: I am getting the following error when I attempt to add the account objectclass to an existing LDAP account:
invalid structural object class chain (inetOrgPerson/account) I read an explanation of which the cliffnote version was “an person is a person, not an account, so the two objectclasses can’t be on the same entry”. While that logic makes sense, I have many accounts on a Sun Directory instance that have both objectclasses. I am trying to migrate entries from Sun to an existing OpenLDAP instance, but because of this error I am unable to implement this objectclass. Ultimately, the functionality I am trying to implement is Linux Authentication. I have successfully added posixAccount and shadowAccount objectclasses, but am unable to add account. Any thoughts? Thanks much!!!, Andy Carlson Moody Bible Institute Identity Administrator | Information Systems 312-329-4385 [1]www.moody.edu I had a similar situation when I tried to upgrade a very old ldap installation that did not enforce strict schema checking. It used the account objectclass with another structural objectclass. I used some sed scripts to modify the the ldif by replacing the account objectclass with hostobject since I needed the host attribute. There were some other violations that need to be worked through, but eventually got it sorted out. References 1. http://www.moody.edu/
