Re: [Samba] Smbpasswd -m -x not working, "object class violation" error

Wed, 15 Feb 2006 08:41:42 -0800

What object class is the displayName in and does the user account have that object class ? Im sure you need to have the object class before you can add/remove the attribute assigned to the object classs. 

Attributes belong to and are grouped in objectclasses.

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:


Thanks for replying Daniel, i execute :grep -il displayName *.ldif

and i obtain:

00core.ldif
50ns-admin.ldif
50ns-iabs.ldif
99samba-schema-netscapeds5.x.ldif
99user.ldif

And also see the configuration in the console and i see:

Standard Attribute(Read Only):

Name: displayName
OID: 2.16.840.1.113730.3.1.241
Syntax: DirectoryString
Multivalued: not checked

Do you know what is wrong with this?
Thanks a lot,
Andrés.
2006/2/14, Daniel Wilson <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>: 

    Im sure this means that its trying to delete the displayName attribute
    which is more than likely not in your LDAP schema.

    Look in "<install_dir>/slapd-<hostname>/config/schema/" directory for
    your schema

    To see if "displayName" is part of any object classes in your LDAP
    schema search the schema files:

    bash# grep -il displayName
    <install_dir>/slapd-<hostname>/config/schema/*.ldif

    If its not part of your schema you may want to add this attribute to
    your 99user.ldif schema file or add the attribute via the Sun LDAP
    console (recommended):

    bash # <install_dir>/startconsole &
    Server Group > Directory  Server (Open) > Configuration > Schema >
    Attributes > Create

    -or-

    you may want to just disable schema checking in your LDAP server :

    bash # <install_dir>/startconsole &
    Server Group > Directory  Server (Open) > Configuration > Schema
    (Disable)

    Regards

    Daniel Wilson
    Systems Manager
    Student and Learning Support
    University of Sunderland
    Tel: 0191 515 2695



    Andrés Yacopino wrote:

    > Daniel, check the log as you said and i hit this:
    >
    > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1
    > msgId=-1 -
    > User error:  Entry "uid=aprueba$,ou=computers,o= acasalud.com.ar
    <http://acasalud.com.ar>
    > <http://acasalud.com.ar>,dc=acasalud,dc=c
    > om,dc=ar", attribute "displayName" is not allowed
    >
    > What does it means?
    >
    > Thanks,
    > Andrés.
    >
    >
    >
    > 2006/2/14, Daniel Wilson < [EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>
    > <mailto:[EMAIL PROTECTED]
    <mailto:[EMAIL PROTECTED]>>>:
    >
    >     Have you checkes the Sun LDAP errors.log file for the
    specific object
    >     class violation? Usually at
    >     <install_dir>/slapd-<hostname>/logs/errors.log
    >
    >     Daniel Wilson
    >     Systems Manager
    >     Student and Learning Support
    >     University of Sunderland
    >     Tel: 0191 515 2695
    >
    >
    >
    >     Andrés Yacopino wrote:
    >
    >     >I have deployed a samba server with Sun Java Ldap Directory.
    >     >
    >     >I sucessfully create users and deleted them when ldap delete
    >     dn=yes in
    >     >smb.conf, but when ldap delete dn=no i obtain this error when i
    >     issue a
    >     >smbpasswd -m -x command:
    >     >
    >     >ldapsam_delete_entry: Could not delete attributes for
    >     >uid=aprueba$,ou=computers,
    >     >o= acasalud.com.ar <http://acasalud.com.ar>
    >     <http://acasalud.com.ar>,dc=acasalud,dc=com,dc=ar, error:
    Object
    >     class violation ()
    >     >Failed to delete entry for user aprueba$.
    >     >Failed to modify password entry for user aprueba$
    >     >
    >     >My smb.conf is:
    >     >
    >     >[global]
    >     >
    >     >   workgroup = ACASALUDROS
    >     >   server string = Sun Samba Server
    >     >   security = user
    >     >   dos filetimes = yes
    >     >   time offset = -360
    >     >   load printers = yes
    >     >   printcap name = /etc/printcap
    >     >   printing = cups
    >     >   guest account = guest
    >     >   log file = /usr/local/samba/var/log.%m
    >     >   log level = 5
    >     >   max log size = 50
    >     >   null passwords = yes
    >     >   encrypt passwords = yes
    >     >   ldap password sync = yes
    >     >   unix password sync = yes
    >     >   username level = 2
    >     >   password level = 0
    >     >   passwd program = /usr/bin/passwd %u
    >     >   passwd chat = *New* password* %n\n *new* password* %n\n
    >     *successfully*
    >     >        idmap backend = ldapsam:ldap://localhost:389
    >     >        passdb backend = ldapsam:ldap://localhost:389
    >     >        ldap admin dn = cn=Directory Manager
    >     >        ldap suffix = o= acasalud.com.ar
    <http://acasalud.com.ar>
    >     <http://acasalud.com.ar>,dc=acasalud,dc=com,dc=ar
    >     >        ldap user suffix = ou=people
    >     >        ldap group suffix = ou=groups
    >     >        ldap machine suffix = ou=computers
    >     >        ldap idmap suffix = ou=idmap
    >     >        ldap delete dn = no
    >     >   socket options = TCP_NODELAY=0
    >     >   wins server = 10.11.0.2 <http://10.11.0.2>
    <http://10.11.0.2>
    >     >   dns proxy = no
    >     >
    >     >what is wrong?
    >     >
    >     >Is that works only when
    >     >
    >     >   preferred master = yes
    >     >   domain master = yes
    >     >   local master = yes
    >     >   domain logons = yes
    >     >
    >     >are yes?
    >     >Any other ideas?
    >     >
    >     >Thanks a lot.
    >     >
    >     >
    >     >--
    >     >Andrés Yacopino
    >     >
    >     >
    >
    >
    >
    >
    >
    > --
    > Andrés Yacopino






--
Andrés Yacopino 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to