Entry named "entryDN" reported but does not exist anywhere in my LDIF files.

[Jason "JRSofty" Reed]

Hello,

Working with the InMemoryDirectoryService for my JUnit tests and while validating is working correctly, I get an LDAPException during the merge process. The message states:

Unable to modify entry '<<My Entry DN>>' because the entry resulting from applying the modifications would have violated the provided schema:  The entry contains attribute entryDN which is not defined in the schema.

The problem is that no where in my LDIF files is there an attribute called entryDN. Also in my code I cannot find any instance of my use of the value entryDN where could the come from?

The entry at issue is a change LDIF entry that looks like this:

dn: <<My Entry DN>>
changeType: modify
delete: mhsDLMembers;binary
-
add: mhsDLMembers
mhsDLMembers;binary:: <<Base64 encoded data>>

The exception is thrown when I perform LDIFChangeRecord.processChange(LDAPConnection) what I would like to know is where this attribute name entryDN is coming from.

[Neil Wilson]

entryDN is an operational attribute described in RFC 5020 and is intended to hold the DN of the entry containing that attribute so that it can be more easily used in search filters. The in-memory directory server automatically generates it, along with a number of other operational attributes like entryUUID, creatorsName, createTimestamp, modifiersName, modifyTimestamp, and subschemaSubentry.

Operational attributes should generally be ignored when comparing entries, but without entryDN defined in the schema, the in-memory directory server doesn't know that it's supposed to be operational.

You should be able to address this in one of two ways. One option would be to define the entryDN attribute (and if necessary the additional operational attributes) in the schema by adding the following to the schema LDIF file:

attributeTypes: ( 1.3.6.1.1.20
  NAME 'entryDN'
  DESC 'DN of the entry'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 5020' )
attributeTypes: ( 1.3.6.1.1.16.4
  NAME 'entryUUID'
  DESC 'UUID of the entry'
  EQUALITY uuidMatch
  ORDERING uuidOrderingMatch
  SYNTAX 1.3.6.1.1.16.1
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 4530' )
attributeTypes: ( 2.5.18.3
  NAME 'creatorsName'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 4512' )
attributeTypes: ( 2.5.18.1
  NAME 'createTimestamp'
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 4512' )
attributeTypes: ( 2.5.18.4
  NAME 'modifiersName'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 4512' )
attributeTypes: ( 2.5.18.2
  NAME 'modifyTimestamp'
  EQUALITY generalizedTimeMatch
  ORDERING generalizedTimeOrderingMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 4512' )
attributeTypes: ( 2.5.18.10
  NAME 'subschemaSubentry'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE
  NO-USER-MODIFICATION
  USAGE directoryOperation
  X-ORIGIN 'RFC 4512' )

The other option would be to configure the in-memory directory server so that it won't try to automatically maintain these operational attributes. You can do that by calling the InMemoryDirectoryServerConfig.setGenerateOperationalAttributes method with a value of false.