Adding new objectclass/attribute to existing ldap entry returns error


I have created 4 new attributes on cn=schema and also created a new objectclass with the 4 attributes set as MUST.

I tried to add the objectclass to an existing entry, which obviously returns an error because those 4 new attributes are not set up for the ldap entry.

I created an ldif file and ran ldapmodify but get an object violation error. Can anyone tell me what's causing this error and if I'm missing anything?

ldif

#ldapmodify.bat -h localhost -p 1389 -D "cn=Directory Manager" -w xxxxx -a -f entry.ldif
dn: uid=user.0,ou=People,dc=example,dc=com
changetype: modify
add: disabledFlag
disabledFlag: n
-
add: passwordData
passwordData:< file:/C:\\oud\\asinst_1\\OUD\\bat\\images.png
-
add: anonymousID
anonymousID: nah
-
add: challengeResponse
challengeResponse: nah

Error after executing the command.

Processing MODIFY request for uid=user.0,ou=People,dc=example,dc=com
MODIFY operation failed
Result Code:  65 (Object Class Violation)
Additional Information:  Entry uid=user.0,ou=People,dc=example,dc=com cannot not be modified because the resulting entry would have violated the server schema: Entry uid=user.0,ou=People,dc=example,dc=com violates the Directory Server schema configuration because it includes attribute anonymousID which is not allowed by any of the objectclasses defined in that entry

LDAP installed is OUD 11gR2.


cbrdy On

Finally able to solve the question myself.

This is what I did:

  1. Changed STRUCTURAL to ABSTRACT for the objectclass, since there can be only one STRUCTURAL, and updated the objectclass to have MAY attributes instead of MUST.
  2. Used the ldap port instead of the admin port in the ldapmodify command.

I still couldn't figure out why the objectclass can't be created with MUST. Is this a chicken-and-egg kind of problem?
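
On the chicken-and-egg question, an added example (not from the original post and not OUD code): an LDAP server applies all changes in one MODIFY request and then checks the resulting entry against the schema, so the objectclass and its MUST attributes can be added together in a single request. The sketch below models that check for three LDIF variants. The class name `customPerson`, its AUXILIARY kind, the trimmed `inetOrgPerson` definition and the sample entry are assumptions.

```python
# Simplified model of the schema check a server applies to the entry that
# results from one MODIFY request. Added illustration, not OUD code.
# "customPerson" is a hypothetical class name, assumed AUXILIARY.
PAGE_ADDS = [("disabledFlag", "n"), ("passwordData", "<binary>"),
             ("anonymousID", "nah"), ("challengeResponse", "nah")]
SCHEMA = {  # objectclass -> (MUST, MAY), trimmed to what the sample needs
    "inetorgperson": ({"cn", "sn"}, {"uid"}),
    "customperson": ({a.lower() for a, _ in PAGE_ADDS}, set()),
}
# Constructed stand-in for the existing entry uid=user.0.
ENTRY = {"objectclass": ["inetOrgPerson"], "uid": ["user.0"],
         "cn": ["User 0"], "sn": ["Zero"]}

HEADER = "dn: uid=user.0,ou=People,dc=example,dc=com\nchangetype: modify\n"
ATTRS_ONLY = HEADER + "\n-\n".join(f"add: {a}\n{a}: {v}" for a, v in PAGE_ADDS)
CLASS_ONLY = HEADER + "add: objectClass\nobjectClass: customPerson"
COMBINED = CLASS_ONLY + "\n-\n" + ATTRS_ONLY[len(HEADER):]

def parse_adds(ldif):
    """Return [(attr, value)] for each value line under an 'add:' change."""
    adds, current = [], None
    for line in ldif.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if not line.strip() or line.startswith("#") or key.lower() in ("dn", "changetype"):
            continue
        if line.strip() == "-":          # separator between changes
            current = None
        elif key.lower() == "add":
            current = value.lower()
        elif key.lower() == current:
            adds.append((current, value))
    return adds

def violations(entry, ldif):
    """Apply every change first, then schema-check the resulting entry."""
    result = {k: list(v) for k, v in entry.items()}
    for attr, value in parse_adds(ldif):
        result.setdefault(attr, []).append(value)
    classes = [c.lower() for c in result["objectclass"]]
    must = set().union(*(SCHEMA[c][0] for c in classes))
    allowed = must.union({"objectclass"}, *(SCHEMA[c][1] for c in classes))
    return ([f"{a} not allowed by any objectclass" for a in sorted(set(result) - allowed)]
            + [f"missing MUST attribute {a}" for a in sorted(must - set(result))])

if __name__ == "__main__":
    for name, ldif in [("attributes only", ATTRS_ONLY),
                       ("objectclass only", CLASS_ONLY),
                       ("single request", COMBINED)]:
        print(name, "->", violations(ENTRY, ldif) or "OK")
```

The attributes-only variant corresponds to the LDIF in the question and reproduces the "not allowed by any of the objectclasses" condition; only the combined request leaves an entry that passes both checks.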