ruby-net-ldap
modify objectclass - Object class violation
Originally submitted by Rubyforge user cuzic4n on 2010-09-02:
I am adding and deleting all sorts of LDAP entries. I can even make new entries with objectclasses, but when I want to remove an existing one or add another one I get 'object class violation'. Before you say that the LDAP server is correct, I can do it with Softerra LDAP Administrator just fine. They have a special menu option for adding/removing objectclasses to existing entries.
The entry log from the LDAP server when using Softerra to remove the posixAccount and shadowAccount objectclasses from already existing entries:
AuditV3--2010-09-02-18:36:52.865+00:00DST--V3 SSL Modify--bindDN: cn=root--client: x.x.x.x:22795--connectionID: 1943--received: 2010-09-02-18:36:52.470+00:00DST--Success
operationResponseTime: 395
timeOnWorkQ: 0
rdbmLockWaitTime: 1
clientIOTime: 0
object: cn=myname,ou=internal,O=stuff
delete: gidNumber
delete: homeDirectory
delete: loginShell
delete: shadowFlag
delete: uidNumber
delete: userid
replace: objectClass
The entry log from the LDAP server when trying with net-ldap:
AuditV3--2010-09-02-18:02:34.520+00:00DST--V3 Modify--bindDN: cn=root--client: x.x.x.x:65284--connectionID: 1935--received: 2010-09-02-18:02:34.516+00:00DST--Object class violation
operationResponseTime: 4
timeOnWorkQ: 0
rdbmLockWaitTime: 0
clientIOTime: 0
object: cn=myname,ou=internal,o=stuff
delete: userid
delete: gidnumber
delete: uidnumber
delete: loginshell
delete: homedirectory
delete: objectclass
I notice they are using a replace action. I looked at the net-ldap replace API but it doesn't support this type of call. I tried ldap.mod with an ops array with even just the objectclasses listed. No luck. ldap.delete_attribute won't work for objectclasses. ldap.replace_attribute won't work for objectclasses.
I tried ldap.add with the attr array for adding new objectclasses, to no avail. I tried ldap.add_attribute for objectclass, to no avail. I tried ldap.replace_attribute for objectclass, to no avail.
Is there any work being done for supporting adding/removing objectclasses to already existing entries?
Comment by Austin Ziegler on 2010-09-25:
There is no work in progress on this at this point; if you'd like to contribute a patch, that would help it reach production much faster.
Comment from cuzic4n on 2011-01-07:
I would like to contribute but I would need someone to help me along here and there. Is there someone senior who would help guide me?
Comment by Austin Ziegler on 2011-03-23:
Sorry that I didn't get back to you before now; we haven't really monitored this tracker as well as we should have.
Someone might be able to help you figure this out and see if there's a change that can be made to the Net::LDAP library if you join us at the ruby-ldap Google Group: groups.google.com/group/ruby-ldap/.
I know that this issue is rather old, but I wanted to share my success story. I was able to add and remove entries from the 'objectclass' attribute. I used the modify function, with :add and :remove, and it worked.
It is possible that along with objectclass you would need to remove other attributes required by those.
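The following is an added example, not code from the thread or from the net-ldap project. It builds a single Modify request shaped like the successful audit entry above (delete the dependent attributes, then replace objectClass with the classes that remain) in the `[operator, attribute, values]` form that `Net::LDAP#modify` accepts. The helper names and the sample class list are assumptions constructed for illustration.

```ruby
# Added example: the helper names are hypothetical and the sample entry's
# class list is constructed; only the attribute names come from the audit log.

# Returns operations in the [operator, attribute, values] form taken by
# Net::LDAP#modify. Dependent attributes are deleted first, then objectClass
# is replaced with whatever classes are left.
def objectclass_removal_ops(current_classes, remove_classes, dependent_attrs)
  drop = remove_classes.map { |c| c.to_s.downcase }
  remaining = current_classes.reject { |c| drop.include?(c.to_s.downcase) }
  # An entry must keep at least one object class; sending an empty
  # replacement (or deleting the attribute outright) violates the schema.
  raise ArgumentError, "entry would be left with no objectClass" if remaining.empty?
  missing = drop - current_classes.map { |c| c.to_s.downcase }
  raise ArgumentError, "not on entry: #{missing.join(', ')}" unless missing.empty?

  ops = dependent_attrs.map { |attr| [:delete, attr.to_sym, nil] } # nil = all values
  ops << [:replace, :objectclass, remaining]
  ops
end

# ldap is expected to be a bound Net::LDAP instance; anything that responds
# to #modify and #get_operation_result works.
def remove_object_classes(ldap, dn, current_classes, remove_classes, dependent_attrs)
  ops = objectclass_removal_ops(current_classes, remove_classes, dependent_attrs)
  return true if ldap.modify(dn: dn, operations: ops)
  result = ldap.get_operation_result
  raise "modify failed: #{result.code} #{result.message}"
end

# Constructed sample: the thread does not list the entry's other classes.
SAMPLE_CLASSES = %w[top person inetOrgPerson posixAccount shadowAccount]
SAMPLE_OPS = objectclass_removal_ops(
  SAMPLE_CLASSES,
  %w[posixaccount shadowAccount],
  %w[gidNumber homeDirectory loginShell shadowFlag uidNumber userid]
)
```

Read the entry's current objectClass values from the directory before building the request, so the replacement list reflects what is actually stored.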