By: John Purtle user 01 Oct 2015 at 12:28 p.m. CDT

3 Responses
Hello, We're currently using the OpenDJ LDAP configuration for Gluu Community Edition, and one of the things my coworker and I have come across is that certain attributes (Employee Number, Employee Type, Home Address, etc.) cannot be updated. We initially thought it was due to some of the missing parameters in the attributes configuration or the admin/user view setting, but that did not solve the issue. After investigating the OxTrust error logs, it appears that the update could not be made because "gluu violates the Directory Server schema configuration because it includes attribute employeeType which is not allowed by any of the objectclasses defined in that entry", for example.

I assume the correct action to take here would be to follow the guide [OpenDJ Admin Guide - Schema](http://opendj.forgerock.org/doc/bootstrap/admin-guide/#chap-schema) and then run **ldapmodify** to update the server's entries? I find it a bit odd that some of these out-of-box attributes would be included yet not updatable without further configuration. Also, the OpenDJ Directory Server Control Panel mentioned in section 14.2: is this included with the community edition setup, or is this a separate install?

By Michael Schwartz Account Admin 01 Oct 2015 at 1:17 p.m. CDT

The reason why some of the attributes are missing is that we are not shipping with `organizationalPerson`, which is unused by most customers. I have a suggestion for you: go to the menu Configuration / JSON Configuration. For the properties `personObjectClassTypes` and `personObjectClassDisplayNames`, swap `organizationalPerson` for `eduPerson` (which is for higher education). If you have existing people, you'll need to add this objectclass to everyone. If you need some tips for how to do this, let us know. You can do it with `ldapsearch` and a very simple Python script.

BTW, I don't think it's a schema problem, just that the objectclass is missing, as the message says.

All the tools for OpenDJ are available in `/opt/opendj/bin`. To run the admin panel, you'll need to ssh to your Gluu Server using X11 forwarding in PuTTY or `-X` from Unix. Also, you'll need to have an X Server running. I use Cygwin for this, and then run `startxwin`.

However... with that said, you don't ever really need to run the admin console. You can use the `/opt/opendj/bin/dsconfig` command interactively, or just stop OpenDJ, then back up and edit the schema in `/opt/opendj/config/schema`. Start OpenDJ and make sure there are no errors. Never edit the schema file while the server is running: your changes will be lost, as the schema is written to disk on server stop.

By John Purtle user 01 Oct 2015 at 2:08 p.m. CDT

Hello, Will make those changes and some tips on the objectclass would be appreciated!

By Michael Schwartz Account Admin 01 Oct 2015 at 2:35 p.m. CDT

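1. Write the LDAP password to a file called `~/.pw`
2. `/opt/opendj/bin/ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -T -b "o=gluu" "objectclass=eduperson" dn | grep dn > /opt/opendj/ldif/all_people.ldif`
3. `/usr/bin/python convert.py > all_people_converted.ldif`
4. `/opt/opendj/bin/ldapmodify -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -f all_people_converted.ldif`
5. Remove the file `~/.pw`

Here is `convert.py`:

```python
#!/usr/bin/python
# Turn a list of "dn: ..." lines into LDIF modify records that replace
# the eduPerson objectclass with organizationalPerson on each entry.
# print() with a single argument runs under both Python 2 and Python 3.

with open("/opt/opendj/ldif/all_people.ldif") as f:
    lines = f.readlines()

for line in lines:
    # The "dn: ..." line opens the modify record for that entry.
    print(line.strip())
    # The trailing newline plus print's own newline leaves the blank
    # line that separates LDIF records.
    print("""changetype: modify
delete: objectclass
objectclass: eduPerson
-
add: objectclass
objectclass: organizationalPerson
""")
```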
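A check to run after the `ldapmodify` step, as an added example that is not part of the original thread: it parses LDIF from an `ldapsearch` that returns each person's objectClass values and lists the entries still lacking the target objectclass. The function names and the sample entries (DNs, the `gluuPerson` value) are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lowercased attribute name to values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation of previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing blank flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)

def missing_objectclass(text, required="organizationalPerson"):
    """Return DNs whose objectClass values do not include `required`."""
    want = required.lower()
    return [dn for dn, attrs in parse_ldif(text)
            if want not in (v.lower() for v in attrs.get("objectclass", []))]

# Constructed sample: entry 2 was never converted; entry 3 has a base64 DN and a folded value.
SAMPLE = """\
dn: inum=0001,ou=people,o=gluu
objectClass: gluuPerson
objectClass: organizationalPerson

dn: inum=0002,ou=people,o=gluu
objectClass: gluuPerson
objectClass: eduPerson

dn:: aW51bT0wMDAzLG91PXBlb3BsZSxvPWdsdXU=
objectClass: gluuPerson
objectClass: organizational
 Person
"""

if __name__ == "__main__":
    for dn in missing_objectclass(SAMPLE):
        print("still missing organizationalPerson:", dn)
```

An empty result means every entry in the search output carries the objectclass; any DN listed can be fed back through the modify step.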