[Samba] Smbpasswd -m -x not working, "object class violation" error

Daniel Wilson daniel.wilson at sunderland.ac.uk
Wed Feb 15 16:38:22 GMT 2006


What object class is the displayName in and does the user account have 
that object class ? Im sure you need to have the object class before you 
can add/remove the attribute assigned to the object classs.

Attributes belong to and are grouped in objectclasses.

Regards

Daniel Wilson
Systems Manager
Student and Learning Support
University of Sunderland
Tel: 0191 515 2695



Andrés Yacopino wrote:

> Thanks for replying Daniel, i execute :grep -il displayName *.ldif
>
> and i obtain:
>
> 00core.ldif
> 50ns-admin.ldif
> 50ns-iabs.ldif
> 99samba-schema-netscapeds5.x.ldif
> 99user.ldif
>
> And also see the configuration in the console and i see:
>
> Standard Attribute(Read Only):
>
> Name: displayName
> OID: 2.16.840.1.113730.3.1.241
> Syntax: DirectoryString
> Multivalued: not checked
>
> Do you know what is wrong with this?
> Thanks a lot,
> Andrés.
>
> 2006/2/14, Daniel Wilson <daniel.wilson at sunderland.ac.uk 
> <mailto:daniel.wilson at sunderland.ac.uk>>:
>
>     Im sure this means that its trying to delete the displayName attribute
>     which is more than likely not in your LDAP schema.
>
>     Look in "<install_dir>/slapd-<hostname>/config/schema/" directory for
>     your schema
>
>     To see if "displayName" is part of any object classes in your LDAP
>     schema search the schema files:
>
>     bash# grep -il displayName
>     <install_dir>/slapd-<hostname>/config/schema/*.ldif
>
>     If its not part of your schema you may want to add this attribute to
>     your 99user.ldif schema file or add the attribute via the Sun LDAP
>     console (recommended):
>
>     bash # <install_dir>/startconsole &
>     Server Group > Directory  Server (Open) > Configuration > Schema >
>     Attributes > Create
>
>     -or-
>
>     you may want to just disable schema checking in your LDAP server :
>
>     bash # <install_dir>/startconsole &
>     Server Group > Directory  Server (Open) > Configuration > Schema
>     (Disable)
>
>     Regards
>
>     Daniel Wilson
>     Systems Manager
>     Student and Learning Support
>     University of Sunderland
>     Tel: 0191 515 2695
>
>
>
>     Andrés Yacopino wrote:
>
>     > Daniel, check the log as you said and i hit this:
>     >
>     > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema  - conn=-1 op=-1
>     > msgId=-1 -
>     > User error:  Entry "uid=aprueba$,ou=computers,o= acasalud.com.ar
>     <http://acasalud.com.ar>
>     > <http://acasalud.com.ar>,dc=acasalud,dc=c
>     > om,dc=ar", attribute "displayName" is not allowed
>     >
>     > What does it means?
>     >
>     > Thanks,
>     > Andrés.
>     >
>     >
>     >
>     > 2006/2/14, Daniel Wilson < daniel.wilson at sunderland.ac.uk
>     <mailto:daniel.wilson at sunderland.ac.uk>
>     > <mailto:daniel.wilson at sunderland.ac.uk
>     <mailto:daniel.wilson at sunderland.ac.uk>>>:
>     >
>     >     Have you checkes the Sun LDAP errors.log file for the
>     specific object
>     >     class violation? Usually at
>     >     <install_dir>/slapd-<hostname>/logs/errors.log
>     >
>     >     Daniel Wilson
>     >     Systems Manager
>     >     Student and Learning Support
>     >     University of Sunderland
>     >     Tel: 0191 515 2695
>     >
>     >
>     >
>     >     Andrés Yacopino wrote:
>     >
>     >     >I have deployed a samba server with Sun Java Ldap Directory.
>     >     >
>     >     >I sucessfully create users and deleted them when ldap delete
>     >     dn=yes in
>     >     >smb.conf, but when ldap delete dn=no i obtain this error when i
>     >     issue a
>     >     >smbpasswd -m -x command:
>     >     >
>     >     >ldapsam_delete_entry: Could not delete attributes for
>     >     >uid=aprueba$,ou=computers,
>     >     >o= acasalud.com.ar <http://acasalud.com.ar>
>     >     <http://acasalud.com.ar>,dc=acasalud,dc=com,dc=ar, error:
>     Object
>     >     class violation ()
>     >     >Failed to delete entry for user aprueba$.
>     >     >Failed to modify password entry for user aprueba$
>     >     >
>     >     >My smb.conf is:
>     >     >
>     >     >[global]
>     >     >
>     >     >   workgroup = ACASALUDROS
>     >     >   server string = Sun Samba Server
>     >     >   security = user
>     >     >   dos filetimes = yes
>     >     >   time offset = -360
>     >     >   load printers = yes
>     >     >   printcap name = /etc/printcap
>     >     >   printing = cups
>     >     >   guest account = guest
>     >     >   log file = /usr/local/samba/var/log.%m
>     >     >   log level = 5
>     >     >   max log size = 50
>     >     >   null passwords = yes
>     >     >   encrypt passwords = yes
>     >     >   ldap password sync = yes
>     >     >   unix password sync = yes
>     >     >   username level = 2
>     >     >   password level = 0
>     >     >   passwd program = /usr/bin/passwd %u
>     >     >   passwd chat = *New* password* %n\n *new* password* %n\n
>     >     *successfully*
>     >     >        idmap backend = ldapsam:ldap://localhost:389
>     >     >        passdb backend = ldapsam:ldap://localhost:389
>     >     >        ldap admin dn = cn=Directory Manager
>     >     >        ldap suffix = o= acasalud.com.ar
>     <http://acasalud.com.ar>
>     >     <http://acasalud.com.ar>,dc=acasalud,dc=com,dc=ar
>     >     >        ldap user suffix = ou=people
>     >     >        ldap group suffix = ou=groups
>     >     >        ldap machine suffix = ou=computers
>     >     >        ldap idmap suffix = ou=idmap
>     >     >        ldap delete dn = no
>     >     >   socket options = TCP_NODELAY=0
>     >     >   wins server = 10.11.0.2 <http://10.11.0.2>
>     <http://10.11.0.2>
>     >     >   dns proxy = no
>     >     >
>     >     >what is wrong?
>     >     >
>     >     >Is that works only when
>     >     >
>     >     >   preferred master = yes
>     >     >   domain master = yes
>     >     >   local master = yes
>     >     >   domain logons = yes
>     >     >
>     >     >are yes?
>     >     >Any other ideas?
>     >     >
>     >     >Thanks a lot.
>     >     >
>     >     >
>     >     >--
>     >     >Andrés Yacopino
>     >     >
>     >     >
>     >
>     >
>     >
>     >
>     >
>     > --
>     > Andrés Yacopino
>
>
>
>
>
>
> -- 
> Andrés Yacopino 



More information about the samba mailing list