Re: How to configure pwdPolicySubentry

Wed, 04 Jan 2017 21:13:18 -0800 


Le 05/01/2017 à 02:57, Ike Ikonne a écrit :
> Hi Emmanuel,
>
> Yes, in fact, the sshPublicKey is an attribute of ldapPublicKey.

That was not my qestion. What is the schema you are importing that
contains the ldapPublicKey ObjectClass and sshPublicKey attributeType ?
Is that :

#
# LDAP Public Key Patch schema for use with openssh-ldappubkey
#                              useful with PKA-LDAP also
#
# Author: Eric AUGE <[email protected]>
#
# Based on the proposal of : Mark Ruijter
#


# octetString SYNTAX
attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
    DESC 'MANDATORY: OpenSSH Public key'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

# printableString SYNTAX yes|no
objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top
AUXILIARY
    DESC 'MANDATORY: OpenSSH LPK objectclass'
    MUST ( sshPublicKey $ uid )
)


Otherwise, which ApacheDS version are you using ?

Last, not least, can you past the piece of code where you get the
exception ?

Side note : the piece of code producing such an error is pretty smple :

        //
--------------------------------------------------------------------
        // Extract all structural objectClasses within the entry
        //
--------------------------------------------------------------------
        for ( ObjectClass oc : ocs )
        {
            if ( oc.isStructural() )
            {
                structuralObjectClasses.add( oc );
            }
        }

        //
--------------------------------------------------------------------
        // Throw an error if no STRUCTURAL objectClass are found.
        //
--------------------------------------------------------------------

        if ( structuralObjectClasses.isEmpty() )
        {
            String message = I18n.err( I18n.ERR_60, dn );
            LOG.error( message );
            throw new LdapSchemaViolationException(
ResultCodeEnum.OBJECT_CLASS_VIOLATION, message );
        }

with :

    ERR_60=Entry {0} does not contain a STRUCTURAL ObjectClass

so bottom line, we parse the entry's ObjectClass, check for each which
is STRUCTURAL, and if we have none, then we generate the error.

I suspect the entry you inject does not contain any STRUCTURAL
ObjectClass, or that the Structural ObjectClass have been stripped out
the entry before it has been sent to the server.

Is it working when you inject the entry using Directory Studio ?

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Reply via email to