directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Zoerner <>
Subject Re: ldap user - groups mapping question
Date Mon, 23 Feb 2009 19:16:10 GMT
Hallo Werner!

werner mueller wrote:
> I've successfully created a new partition and a users and groups
> organizationUnit. I was able to assign users into groups using
> uniqueMember on a group (objectClass: groupOfUniqueNames)
> I am now trying to assign users into groups using the uniqueMember
> attribute on (inetOrgPerson). When i try to create a new user with
> apache ds studio i get the following error message (full error message
> below):
> Entry [...] contains more than one STRUCTURAL ObjectClass:
> [<groupOfUniqueNames>, <inetOrgPerson>]]

The way you assigned users to groups by adding an attribute to the group 
entry is the "normal" one.

Sometimes addition of group entries to user entries as an attribute is 
used as well or in addition (see Active Directory with the memberOf 

> I've seen examples that do the very same thing (for ex. at
> i don't understand why this does not work for me. some objectClasses
> seem to dont work with each other.

Exactly, an entry is only allowed two have one structural class. If it a 
new entry to be added contains two structural abject classes, which have 
no inheritance, it fails. This holds true for person and 
groupOfUniqueNames. Therefore addition of the entry fails

>     objectclass: inetOrgPerson
>     objectclass: organizationalPerson
>     objectclass: person
>     objectclass: groupOfUniqueNames
>     objectclass: top
>     mail:
>     sn: sn
>     uniquemember: cn=admins,ou=groups,dc=domain,dc=org
>     cn: cn

This is an illegal entry for the schema deployed with ApacheDS (and many 
other standard LDAP servers).

Greetings from Hamburg,

View raw message