Univention Bugzilla – Bug 35775
Some object classes in extended attributes raise "invalid structural object class chain"
Last modified: 2020-05-27 14:03:08 CEST
Adding an extended attribute with the objectClass inetOrgPerson to the user/Template module makes the Attributes unusable in templates (LDAP Error): The LDAP object could not be saved: LDAP Error Object class violation: invalid structural object class chain (univentionUserTemplate/organizationalPerson)
Ticket#: 2014091621000219 Customer reportet this when adding an EA for "ou" (organizationalPerson) to the usertemplate module.
If I understand correctly: You want to create a user template which adds the object class organizationalPerson/inetOrgPerson to the user which will be created by that template? Then this approach is wrong. You would have to create that extended attribute for a user (not for a user template). And then a user template have to be created which sets a value for the extended attribute. (which is currently not possible). I'll check in a few days if this is possible using 2 extended attributes.
A LDAP schema extension is required which adds a auxiliary object class with the wanted attributes as "MAY". The following example works: objectclass ( 2.16.840.1.113730.3.2.2123456789 NAME 'univentionInetOrgPerson' DESC 'Auxiliary object class which allows to use inetOrgPersion attributes in user templates' AUXILIARY MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) The following extended attribute adds 'carLicense' to Users and User templates: dn: cn=template,cn=custom attributes,cn=univention,dc=ldap,dc=base cn: template univentionObjectType: settings/extended_attribute univentionUDMPropertyLdapMapping: carLicense univentionUDMPropertyValueMayChange: 1 univentionUDMPropertyObjectClass: univentionInetOrgPerson univentionUDMPropertyModule: settings/usertemplate univentionUDMPropertyModule: users/user univentionUDMPropertyShortDescription: carLicense univentionUDMPropertyCLIName: carLicense objectClass: top objectClass: univentionUDMProperty objectClass: univentionObject univentionUDMPropertyLayoutDisable: 0 univentionUDMPropertyDoNotSearch: 0 univentionUDMPropertyMultivalue: 0 univentionUDMPropertyVersion: 2 univentionUDMPropertyValueRequired: 0 univentionUDMPropertyLayoutFullWidth: 0 univentionUDMPropertyDeleteObjectClass: 0 univentionUDMPropertyLayoutTabAdvanced: 0 univentionUDMPropertyLayoutOverwriteTab: 0 univentionUDMPropertyValueNotEditable: 0 @Stefan: We could also add all attributes from inetOrgPerson and parent object classes into the univentionUserTemplate schemata.
The schema for univentionUserTemplate has been adapted to include all attributes from person, organizationalPerson and inetOrgPerson. To add the attribute carLicense to User and UserTemplate two extended attributes with the same "UDM CLI name" have to be created: 1. Modules=User, LDAP object class=inetOrgPerson, LDAP attribute=carLicense 2. Modules="Settings: User Template", LDAP object class=univentionUserTemplate, LDAP attribute=carLicense Fix: svn r57312 r57313 Package: univention-ldap Version: 11.0.11-2.731.201501141228 Branch: ucs_4.0-0 Scope: errata4.0-0 YAML: 2015-01-14-univention-ldap.yaml
Ok, all attributes from inetOrgPerson, organizationalPerson and person are now allowed for univentionUserTemplate as well. Functional test: Ok Advisory: Ok
<http://errata.univention.de/ucs/4.0/46.html>