  1. OpenDJ
  2. OPENDJ-4881

Updates via Rest2ldap fail if record does not contain the necessary object class

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.5.0
    • Component/s: rest

      Description

      With a rest2ldap config like so:

                  "managed/user": {
                      "dnTemplate": "ou=People,dc=example,dc=com",
                      "namingStrategy": {
                          "type": "serverNaming",
                          "dnAttribute": "uid",
                          "idAttribute": "entryUUID"
                      },
                      "objectClasses": [
                          "person",
                          "organizationalPerson",
                          "inetOrgPerson",
                          "iplanet-am-user-service",
                          "devicePrintProfilesContainer",
                          "kbaInfoContainer",
                          "fr-idm-managed-user-explicit"
                      ],
                      "properties": {
                          "_id": {
                              "type": "simple",
                              "ldapAttribute": "entryUUID",
                              "writability": "createOnly"
                          },
                          "userName": {
                              "primaryKey": true,
                              "type": "simple",
                              "ldapAttribute": "uid"
                          },
                          "accountStatus": {
                              "type": "simple",
                              "ldapAttribute": "fr-idm-accountStatus"
                          },
      ....
      

      When I create a managed/user, the record in DJ is created with all of the specified objectClasses. However, if there is an existing record in DJ which does not have all of the specified objectClasses already associated with it, and I update that record to include an attribute which is defined in one of those absent objectClass entries, then the request will fail.

      The error from rest2ldap includes a message like: "Object Class Violation: Entry uid=bjensen,ou=People,dc=example,dc=com cannot be modified because the resulting entry would have violated the server schema: Entry uid=bjensen,ou=People,dc=example,dc=com violates the Directory Server schema configuration because it includes attribute fr-idm-accountStatus which is not allowed by any of the objectclasses defined in that entry".

      This makes it very difficult to use rest2ldap with existing data stores; ideally the specified object classes would be added to the record as needed (for example, this error could be captured and the specified objectclasses could be added to the user before retrying).
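
A pre-flight check for the situation described above, as an added example that is not part of the original issue or of OpenDJ/Rest2ldap: it compares each existing entry's objectClass values with the mapping's `objectClasses` list and emits an LDIF modify record adding the missing ones. The entry data and the helper names (`missing_object_classes`, `ldif_line`, `remediation_ldif`) are constructed for illustration, and the server still validates each change against its schema.

```python
import base64

# objectClasses from the "managed/user" mapping shown in the issue.
CONFIGURED = [
    "person", "organizationalPerson", "inetOrgPerson",
    "iplanet-am-user-service", "devicePrintProfilesContainer",
    "kbaInfoContainer", "fr-idm-managed-user-explicit",
]

# Constructed sample data (DN -> objectClass values currently on the entry).
SAMPLE_ENTRIES = {
    "uid=bjensen,ou=People,dc=example,dc=com":
        ["top", "person", "organizationalPerson", "inetorgperson"],
    "uid=zoë,ou=People,dc=example,dc=com": ["top"] + CONFIGURED,
    "uid=rené,ou=People,dc=example,dc=com": ["top", "person"],
}

def missing_object_classes(configured, present):
    """Configured classes absent from the entry (class names are case-insensitive)."""
    have = {oc.lower() for oc in present}
    return [oc for oc in configured if oc.lower() not in have]

def ldif_line(name, value):
    """One LDIF line; base64-encoded (RFC 2849) when the value is not a SAFE-STRING."""
    raw = value.encode("utf-8")
    safe = (len(raw) > 0 and raw[0] not in b" :<" and raw[-1] != 0x20
            and all(b < 128 and b not in b"\x00\r\n" for b in raw))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def remediation_ldif(entries, configured=CONFIGURED):
    """LDIF modify records adding missing classes; compliant entries are skipped."""
    records = []
    for dn, present in entries.items():
        missing = missing_object_classes(configured, present)
        if not missing:
            continue
        lines = [ldif_line("dn", dn), "changetype: modify", "add: objectClass"]
        lines += [ldif_line("objectClass", oc) for oc in missing]
        lines.append("-")  # terminates the modification spec
        records.append("\n".join(lines) + "\n")
    return "\n".join(records)  # blank line between records

if __name__ == "__main__":
    print(remediation_ldif(SAMPLE_ENTRIES))
```
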

            People

            • Assignee: Matthew Swift
            • Reporter: Jake Feasel
            • Dev Assignee: Matthew Swift