Hi Michael

I added it using ldapadd.

I removed the account ObjectClass and now only use applicationProcess:

# preset, Service Accounts, blah
dn: uid=preset,ou=Service Accounts,dc=blah
objectClass: top
objectClass: extensibleObject
objectClass: applicationProcess
uid: preset
cn: preset
sn: preset
givenName: preset
title: Password Reset Account
description: Service Account For Resetting Passwords

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: [email protected]
O: 212-746-6305
F: 212-746-8690

On Mon, Jan 8, 2018 at 4:49 PM, Michael Ströder <[email protected]> wrote:

> Douglas Duckworth wrote:
> > adding new entry "uid=preset,ou=Service Accounts,dc=blah
> > ldap_add: Object class violation (65)
> >         additional info: invalid structural object class chain
> > (account/applicationProcess)
>
> A directory entry must have a *single* structural object class. While
> there are usually multiple structural object classes listed only one of
> them is *the* structural object class. The others are parent object
> classes of the structural object class.
>
> Since 'account' and 'applicationProcess' both directly SUP abstract
> object class 'top' they count as two distinct structural object classes.
>
> > Though this does work as it's now in the LDAP server:
> >
> > dn: uid=preset,ou=Service Accounts,dc=blah
> > objectClass: top
> > objectClass: account
> > objectClass: applicationProcess
> > objectClass: simpleSecurityObject
>
> It's invalid and you might run into issues modifying this entry later.
> You should choose either 'account' or 'applicationProcess'.
>
> BTW: It should normally not be possible to add such entry.
> How did you add it? With slapadd or by using Relax Rules Control?
>
> Ciao, Michael.
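Added example (not part of the original thread, and not OpenLDAP's own code): a sketch of the single-structural-chain rule described in the quoted reply, run over the objectClass lists of the two entries in the thread. The SCHEMA table is a hand-copied subset of the standard schema definitions; the function names and the error text are assumptions made for illustration.

```python
# Hand-copied subset of the standard schema: name -> (kind, superior class).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "account": ("STRUCTURAL", "top"),
    "applicationProcess": ("STRUCTURAL", "top"),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "simpleSecurityObject": ("AUXILIARY", "top"),
    "extensibleObject": ("AUXILIARY", "top"),
}
CANONICAL = {name.lower(): name for name in SCHEMA}  # names are case-insensitive

def superiors(name):
    """Return name plus every class it inherits from, up to 'top'."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name][1]
    return chain

def structural_class(object_classes):
    """Return the entry's single structural class, or raise ValueError."""
    names = []
    for oc in object_classes:
        if oc.lower() not in CANONICAL:
            raise ValueError(f"unknown object class: {oc}")
        names.append(CANONICAL[oc.lower()])
    structural = [n for n in names if SCHEMA[n][0] == "STRUCTURAL"]
    if not structural:
        raise ValueError("no structural object class")
    # The most specific class has the longest chain of superiors.
    leaf = max(structural, key=lambda n: len(superiors(n)))
    stray = [n for n in structural if n not in superiors(leaf)]
    if stray:  # a second structural class outside the leaf's own chain
        raise ValueError("invalid structural object class chain (%s)"
                         % "/".join([leaf] + stray))
    return leaf

if __name__ == "__main__":
    entries = {  # objectClass values of the two entries in the thread
        "rejected": ["top", "account", "applicationProcess", "simpleSecurityObject"],
        "fixed": ["top", "extensibleObject", "applicationProcess"],
    }
    for label, classes in entries.items():
        try:
            print(label, "->", structural_class(classes))
        except ValueError as err:
            print(label, "->", err)
```

Listing a structural class together with its own superiors (person, organizationalPerson, inetOrgPerson) passes, because they form one chain; two classes that each derive directly from top do not.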
