adding objectclass with mandatory attribute to existing LDAP node

Question

I'm trying to setup an LDIF file which shall add a new attribute value to an existing node. The attribute is a mandatory attribute of custom objectclass.

Here is the contents of the LDIF file 'add.ldif':

dn: cn=hna,cn=Users,DC=lan,DC=test,DC=de
changetype: modify
add: objectclass
objectclass: MyCustomObjectClass
-
add: myCustomAttribute
myCustomAttribute: someValue
-

Problem: when I try add that to the LDAP server using

ldapmodify -h ... -D ... -w ... -x -f add.ldif

I get the error message

ldap_modify: Objectclass violation (65)
    additional info: 00002014: objectclass_attrs: attribute 'myCustomAttribute'
    on entry 'cn=hna,cn=Users,DC=lan,DC=test,DC=de' does not exist in the
    specified objectclasses

When I leave out the 'add' of 'myCustomAtribute' then of course then I get:

ldap_modify: Objectclass violation (65)
    additional info: 00002014: objectclass_attrs: at least one mandatory attribute
    ('myCustomAttribute') on entry 'cn=hna,cn=Users,DC=lan,DC=test,DC=de'
    wasn't specified!

Any idea what is wrong with my approach?

ldapmodify is the one from OpenLDAP; the server is a Samba V4 LDAP.

This is why it is a pain when you make an aux class attribute a mandatory. — geoffc, Mar 26 '14 at 00:38
Therefore I now have worked around the problem by changing the attribute to be only MAY. — Heiko Nardmann, Mar 26 '14 at 08:02
Your example would work with an OpenLDAP server. This seems to be a problem (or missing feature) of the Samba V4 LDAP server. Maybe with a ldapmodify program that supports atomic operations (see answer of jeemster) it could work as well. — tlo, Sep 17 '14 at 14:27

score 0 · Answer 1 · answered Mar 26 '14 at 12:07

This should work:

dn: cn=hna,cn=Users,DC=lan,DC=test,DC=de
changetype: modify
add: objectclass
objectclass: MyCustomObjectClass
add: myCustomAttribute
myCustomAttribute: someValue

There MUST be an empty line after the last line. The "-" is only needed if you want to perform separate modify operations and have them be atomic. (ie all work or all fail).

As adding the objectclass requires MUST attributes must happen in the same modification.

By the way I have noticed that some ldapmodify programs do not handle these properly.

-jim

Which ldapmodify program do you use? The one from OpenLDAP does not accept this syntax. — tlo, Sep 17 '14 at 14:23

adding objectclass with mandatory attribute to existing LDAP node

1 Answers1