Re: confused...

[Peter M. <pet...@ma...>]

Hi,

On Tuesday 22 October 2002 16:33, you wrote:
> I'm writing a little script to keep a ldap database in sync with a
> password file. I'm getting weird errors trying to add new entries and I=
'm
> not sure what's going on. When I add the same data to the database in a=
n
> ldif form, it works fine. using perl-ldap gives me errors about invalid
> syntax or an object class violation. I'm using the following code which=
 is
> pretty much right from the examples, any ideas? I am completely stumped=
=2E
>
> #
> # if the shadow entries are commented out, I get
> # Return code: 65 Error: LDAP_OBJECT_CLASS_VIOLATION
> #
> # if not, I get
> # Return code: 21 Error: LDAP_INVALID_SYNTAX
>
> sub ldap_add_user{
>         my ($ldap,$uid,$password) =3D @_;
>         my $attrs =3D [
>                 objectClass   =3D> ["person", "organizationalPerson",
> "inetOrgPerson", "account", "posixAccount", "top", "shadowAccount"],
>                 cn            =3D> $user{$uid}{gecos},
>                 gecos         =3D> $user{$uid}{gecos},
>                 uid           =3D> $uid,
>                 homeDirectory =3D> "/home/$uid",
>                 loginShell    =3D> $user{$uid}{loginshell},
>                 shadowExpire  =3D> $user{$uid}{shadowexpire},
>                 shadowInactive=3D> $user{$uid}{shadowinactive},
>                 shadowMax     =3D> $user{$uid}{shadowmax},
>                 shadowWarning =3D> $user{$uid}{shadowwarning},
>                 shadowLastChange =3D> $user{$uid}{shadowlastchange},
>                 userPassword  =3D> "$password",
>                 uidNumber     =3D> $user{$uid}{uidnumber},
>                 gidNumber     =3D> $user{$uid}{gidnumber}
>         ];
>
>         my $result =3D ldap_add($ldap,"uid=3D$uid,$LDAP_BASE", $attrs);
>         return $result;
> }
>
> sub ldap_add{
>         my ($ldap,$dn,$attrs) =3D @_;
>         my $result =3D $ldap->add($dn, attrs =3D> [ @$attrs ] );
>         return $result;
> }

Are you doing this against OpenLDAP 2.1.x ?
In this case, the object is not legal, since inetOrgPerson and
account are STRUCTURAL objectclasses, and no object must
have different object class chains.
You may recover by defining a private STRUCTURAL objectclass
that inherits from account and inetOrgPerson. i.e.=20
   SUP ( account $ inetOrgPerson )
Of course, the attributes and objectclasses have to be loaded
into the server (with OL they are in nis.schema and inerorgperson.schema)

Have you checked the value of $user{$uid}{...}.
Are they array references ?
Do they match the syntax of the attributes ?

Yours
Peter
--=20
Peter Marschall     |   eMail: pet...@ma...
Scheffelstra=DFe 15   |          pet...@is...
97072 W=FCrzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35