LDAP object class violation

Hello,
When I am trying to provision the user details on to Sun One server I get an error as 65 LDAP: Object class violation.
Can anyone help me in resolving the same...
Regards,
Raghu

Raghu,
Object Class violations occur when you try to add an attribute (that is, assign a value) that is not supported by the object classes specified in your ToLDAP pass.
Try disabling all non-mandatory attributes and then re-enabling one at a time until you get the error.  This is your offending attribute.  You might also google for the schemas of the objectclasses you are using to get the same information.
If the attribute you are trying to add does not exist in any objectclass then you will need to extend the objectclass schema.
Hope this helps,
Matt
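
The check Matt describes can also be done against the schema rather than by trial and error. The following is an added example, not code from the thread or from any product: it assumes a constructed, abbreviated schema and hypothetical helper names, and compares an entry's attributes with the MUST/MAY lists of its object classes and their superiors.

```python
import re

# Constructed, abbreviated schema in RFC 4512 ObjectClassDescription syntax
# (real servers list more MAY attributes; read yours from the subschema entry).
SCHEMA_LINES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top "
    "MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person MAY ( title $ ou $ l ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson "
    "MAY ( mail $ uid $ givenName ) )",
]


def _field(defn, keyword):
    """Names after KEYWORD: a single token or a '( a $ b )' list, lower-cased."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\S+))" % keyword, defn)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [t.strip("'").lower() for t in re.split(r"[\s$]+", raw.strip()) if t]


def parse_schema(lines):
    """Map lower-cased class name -> {'sup': [...], 'must': set, 'may': set}."""
    schema = {}
    for defn in lines:
        defn = re.sub(r"\bDESC\s+'[^']*'", "", defn)  # DESC text may contain keywords
        info = {"sup": _field(defn, "SUP"),
                "must": set(_field(defn, "MUST")),
                "may": set(_field(defn, "MAY"))}
        for name in _field(defn, "NAME"):  # a class may carry several names
            schema[name] = info
    return schema


def check_entry(entry, schema):
    """Report what would trigger an object class violation for this entry."""
    must, may, unknown, seen = set(), set(), [], set()
    todo = [c.lower() for c in entry.get("objectClass", [])]
    while todo:  # walk the listed classes and all their superiors
        oc = todo.pop()
        if oc in seen:
            continue
        seen.add(oc)
        if oc not in schema:
            unknown.append(oc)
            continue
        must |= schema[oc]["must"]
        may |= schema[oc]["may"]
        todo.extend(schema[oc]["sup"])
    present = {a.lower() for a in entry}
    return {"unknown_classes": sorted(unknown),
            "not_allowed": sorted(present - must - may),
            "missing_required": sorted(must - present)}


# Constructed entry: 'mail' is not in person's MUST/MAY lists, so the add is rejected.
ENTRY = {"objectClass": ["top", "person"], "cn": ["Test User"],
         "sn": ["User"], "mail": ["test.user@example.com"]}

if __name__ == "__main__":
    print(check_entry(ENTRY, parse_schema(SCHEMA_LINES)))
```

Attribute aliases (for example `surname` for `sn`) and attribute options are not resolved here; the comparison is by the names as written in the schema.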

Similar Messages

  • LDAP object classes for user creation

    Hello,
    I use a remote LDAP for authentication, works fine. However, I want to copy some attributes from the remote LDAP into the dynamically created user profile. This works fine as long as the attributes are part of the standard object classes. The remote LDAP has an extra, site specific, object class for users. Since I want to use the same attribute names I added the schema extension (1 object class with a couple of attributes) to the AM LDAP. So far so good.
    My question is: How do I specify the additional object class to be added to the user which is dynamically created?
    Thanks in advance, Robert

    Robert,
    To resolve this, I believe that you will need to add the new objectclass to the "LDAP User Object Classes" field on the LDAP Data Store. You will also need to add the attributes to "LDAP User Attributes" on the same tab.
    Hope this helps.

  • Directory Proxy JDBC object class

    Hi all,
    I'm connecting my proxy to an oracle database. When we create the jdbc object class using "dpconf" do we have to use an objectclass that already exists in the ldap directory?
    for instance:
    dpconf create-jdbc-object-class -v -e -h <hostname> -p 1389 -D "cn=proxy manager" -w /pw_file <my jdbc view> *<??objectclass?? >* <jdbc table> <dn>
    I'm not understanding what they mean by mapping to an objectclass in ldap.
    Any help or examples appreciated!!
    Thanks
    V.

    A JDBC object class maps an LDAP object class to one or more relational database tables. A JDBC object class works in a similar way to a join data view (see Join Data Views). Just as a join data view has primary and secondary source data views, a JDBC object class can obtain its information from more than one table. One table must be defined as the primary table, and additional tables, if they exist, are defined as secondary tables. The primary table controls the list of entries and additional information on these entries is extracted from the secondary tables.
    When you define a JDBC object class, e.g. person, you must specify the following operands:
    The name of the JDBC data view to which this object class is attached.
    The name of the JDBC object class, e.g. person
    The primary JDBC table from which the object class will obtain its list of entries, e.g. USER_TABLE
    A DN pattern that controls how DNs are constructed in the data view, e.g. cn
    Optionally, one or more secondary JDBC tables.
    More info is available in the docs at http://docs.sun.com/app/docs/doc/820-2765/jdbc_dataview?a=view

  • 11g - LDAP Sync - Select Custom Object class based on user type

    Hi Gurus,
    We have LDAP Sync set up between OIM 11g and ODSEE. We have some custom object classes in ODSEE; when the users are created in OIM they are also created in ODSEE with all object classes, and everything is working fine.
    Now we have to select the object class based on the user type in OIM while pushing the user to ODSEE through LDAP sync.
    We checked LDAPUser.xml; we don't have any option to choose a custom object class based on user type.
    Guys, we need suggestions on how to go forward on this requirement.

    Do you have OVD between OIM and ODSEE? If yes, then this can be handled at OVD by modifying the LDAP Adapter and setting up search for users with custom objectclass instead of inetorgperson.
    Flow would be as follows:
    OIM --> LDAPRequest to Create User with inetorgperson to OVD --> OVD --> change request's objectclass to custom objectclass --> Create user in OID with custom objectclass
    ~Yagnesh

  • LDAP BC QUESTION ABOUT OBJECT CLASSES

    Hi
    I am working with a BPEL and its ldap-bc. When I create an entry in my LDAP through the BPEL, it has all the object classes from the attributes I set. For example, if I set the cn and sn attributes then my entry has the object class person. I want to know if there is any way of setting object classes on my entry in the LDAP even if I am not setting any attributes; for example, if I only set the cn and sn attributes using the BPEL, can I still tell the entry that it can have another objectclass like iplanet-am-user-service without setting any of its attributes?
    thanks for your help

    Actually, I'm not getting duplicate objects, but I like to get rid of
    doubles in one particular column.
    For example if I had a table as follows:
    Table DESC
    int pkid
    String description
    description can contain duplicate entries, I want to query as follows:
    select distinct description from DESC
    How could I write a query which retrieves all tuples in a table, but removes
    duplicate from a specific column?
    Thanks.
    Andreas.
    Abe White wrote:
    How does the engine use DISTINCT automatically?
    It detects whether joins are made such that duplicate rows might be
    returned from the JDOQL filter, and if so adds a DISTINCT.
    What I basically want to do is to remove any doubles I get from the
    query. When I turn logging on to see the sql statement, I only get a
    SELECT without the DISTINCT keyword.
    You shouldn't be getting doubles. If you are, could you please post the
    offending JDOQL filter and give some description of the schema and/or
    object model? There is a bug in Kodo in which some queries involving OR
    clauses and joins are not made DISTINCT when they should be, but it has
    been resolved for our upcoming 2.5 release.
    Is there also a way I can specify GROUP BY?
    No, JDOQL does not have an equivalent to GROUP BY.

  • Adding object classes when creating ldap user in workflow

    I'm creating ldap users in a workflow and when I assign the object classes in the workflow I get an object class violation. It seems that when I call check in view and when my break point stops in Update User the default object classes on the resource have been removed from the user.accounts[LDAP].objectClass attribute which I just set. Not sure what's going on here. Is there another way to assign more than just the default object classes to a new ldap user through the workflow? Thanks in advance.

    Multiple things I can think of
    1) put all the object classes you may be expecting with the user account in the resource configuration panel. LDAP is smart enough to assign the related object classes to the object based on the attributes assigned to the user.
    2) Check if you have the object class in the schema of LDAP.

  • Adding a Custom Object Class When You Create an LDAP Object

    Hi all,
    Under which path can I configure the material below?
    http://docs.sun.com/app/docs/doc/819-4438/gatkz?l=en&a=view
    Cheer
    ubd

    Hi Shane,
    I cannot search any
    ou=basicuser,
    do you know the DN that DA uses to create the default user?
    We created a customized bulk add using a Perl script; the object classes for our customized bulk add are
    top, iplanet-am-managed-person, iplanet-am-user-service, organizationalperson, inetadmin, sunimuser, person, inetOrgPerson, sunamauthaccountlockout, inetuser, inetlocalmailrecipient, sunpresenceuser, iplanetpreferences, ipuser, inetsubscriber, inetmailuser, UBDStaff, userpresenceprofile, sunucpreferences, icscalendaruser
    These are the object classes created by DA by default: userpresenceprofile, sunucpreferences, iplanet-am-user-service, icscalendaruser, top, iplanet-am-managed-person, organizationalperson, inetadmin, sunimuser, person, sunamauthaccountlockout, inetuser, inetlocalmailrecipient, sunpresenceuser, iplanetpreferences, ipuser, inetorgperson, inetsubscriber, inetmailuser
    I need to customize the DA default user management so I can use the web console to add new users.
    Cheer
    ubd

  • Object class name does not exist in IDM

    Hi Team
    We are in the process of integrating GRC 10.1 with Enterprise Portal. We followed SAP Note No. 1977781.
    While running the Schema Job, we get the message "Schema Imported Successfully". While running the job GRAC_REPOSITORY_SYNC_JOB, the job
    shows successful, but with a warning message: "User Adaptor Empty" in SLG1 T.code.
    I have checked the path suffix, connectors and data source, and all are maintained, but I am not sure about this warning message.
    Secondly, I tried a test creation of a user on Portal via GRC 10.1. I am getting the below error:
    "Object class name does not exist in IDM" Please see log below
    The request gets closed stating Auto Provisioning failed. Please advise if someone has faced the same issue and the steps taken to rectify it.
    Thanks
    Nitesh

    Hi Nitesh,
    We worked on this issue for quite some time with SAP to get this finally fixed. You can check all the notes mentioned below.
    First Check:
    Please check the Note: 1915763 - Error Provisioning from GRC 10 to SAP Portal while adding or removing a role in Change Account request type.
    This Note says that if your LDAP set as data source is read-only in Portal, then you need to change it to Modifiable in order to allow create or change user belonging to LDAP.
    We have set the UME correctly and no longer read-only. But our access requests still used to fail with the following messages.
    "Object class name does not exist in IDM".
    Second Check:
    Kindly ensure the field mapping for portal is done in IMG settings properly.
    If it is fine please check below note 2033714 - AC10.0: error in SGL1 "Object class name does not exist in IDM".
    This note is only to check if you have made any mistake with your portal mapping and doesn't address the correct issue.
    Third Check:
    Finally after implementing SAP note 1941250 - UAM: Truncated parameters provisioned on changing users from Access Request
    our issue got fixed.
    Regards,
    Madhu.

  • How to create custom attributes & object classes through ldif files in OID

    Hi,
    I have to create 4 attributes and one object class (custom) in OID. I want to create these attributes and the object class through an LDIF file.
    I tried creating an attribute through this command
    ldapadd -p 389 -h localhost -D cn=orcladmin -w password -f D:/newattr.ldif
    this ldif file contains inf. for creating a new attributes:
    dn: cn=subschemasubentry
    changetype: add
    add: attributetypes
    attributetypes: ( 1.2.3.4.5.6.10 NAME "xsUserType_new" DESC "User Type Definition" EQUALITY caseIgnoreMatch
    SYNTAX "1.3.6.1.4.1.1466.115.121.1.15" )
    I am getting error: Object class violation
    Failed to find add in mandatory or optional attribute list.
    Please help to find where I am going wrong...
    Thanks.

    Hi Ajay,
    Thank you for the help. Now i am able to create both attributes and object classes in OID through Ldif files.
    I was getting a constraint violation error because (I think) I was not giving the proper naming convention for attributes and object classes. For OID, there are certain LDAP naming conventions. They are as follows:
    # X below is the enterprise number assigned by IANA
    1.3.6.1.4.1.X.1 - assign to SNMP objects
    1.3.6.1.4.1.X.2 - assign to LDAP objects
    1.3.6.1.4.1.X.2.1 - assign to LDAP syntaxes
    1.3.6.1.4.1.X.2.2 - assign to LDAP matchingrules
    1.3.6.1.4.1.X.2.3 - assign to LDAP attributes
    1.3.6.1.4.1.X.2.4 - assign to LDAP objectclasses
    1.3.6.1.4.1.X.2.5 - assign to LDAP supported features
    1.3.6.1.4.1.X.2.9 - assign to LDAP protocol mechanisms
    1.3.6.1.4.1.X.2.10 - assign to LDAP controls
    1.3.6.1.4.1.X.2.11 - assign to LDAP extended operations
    By using these conventions for attributes and object class, I did got any error and they were created in OID.
    Thanks a zillion.
    Kalpana.
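
In LDIF, a record with `changetype: add` takes every following line as an attribute of the new entry, so `add: attributetypes` is read as an attribute named `add`, which matches the "Failed to find add in mandatory or optional attribute list" text in the question. The following is an added example, not code from the thread: the function names and finding codes are hypothetical, and the sample records are constructed from the LDIF quoted in the question, with a `changetype: modify` variant beside it.

```python
import re

# Constructed records modelled on the LDIF quoted in the question above.
# Record 1 repeats its header; record 2 uses changetype: modify instead.
SAMPLE_LDIF = '''\
dn: cn=subschemasubentry
changetype: add
add: attributetypes
attributetypes: ( 1.2.3.4.5.6.10 NAME "xsUserType_new" DESC "User Type Definition"
  EQUALITY caseIgnoreMatch SYNTAX "1.3.6.1.4.1.1466.115.121.1.15" )

dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5.6.10 NAME "xsUserType_new" DESC "User Type Definition"
  EQUALITY caseIgnoreMatch SYNTAX "1.3.6.1.4.1.1466.115.121.1.15" )
'''

MOD_OPS = {"add", "delete", "replace"}  # mod-spec keywords valid only under modify


def records(ldif):
    """Yield each record as a list of (attr, value) pairs, unfolding continuations."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # RFC 2849: newline + one space is a fold
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comments and '-' separators carry no attribute
            attr, _, value = line.partition(":")
            pairs.append((attr.strip().lower(), value.lstrip(": ").strip()))
        yield pairs


def lint(ldif):
    """Return (record_number, code, detail) for misplaced or missing mod-specs."""
    findings = []
    for num, pairs in enumerate(records(ldif), 1):
        ctype = next((v.lower() for a, v in pairs if a == "changetype"), None)
        body = [(a, v) for a, v in pairs if a not in ("dn", "changetype")]
        if ctype == "add":
            # Every body line is an attribute of the new entry, so a mod-spec
            # keyword becomes an attribute no object class allows.
            findings += [(num, "MODSPEC_IN_ADD", "%s: %s" % (a, v))
                         for a, v in body if a in MOD_OPS]
        elif ctype == "modify" and (not body or body[0][0] not in MOD_OPS):
            findings.append((num, "MODIFY_WITHOUT_OP", body[0][0] if body else ""))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_LDIF):
        print(finding)
```

The check is a heuristic: an entry that legitimately has an attribute named `add`, `delete` or `replace` would be flagged as well.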

  • How can i add an custom attribute and assign it to an existing custom object class in sun ds

    I need to add an attribute to the Sun DS schema and assign it to an existing custom object class.
    I know how to add an attribute, but how can I add the attribute to an existing custom object class?
    Please help.
    Thanks

    The objectclasses attribute is multi-valued, so you can add several values to it as long as they are unique.
    For instance, I think you can add several declarations of the same objectclass as below (note the difference is the number of spaces in the value); however, from a schema perspective, only 1 will be taken into account:
    objectclasses: ( 2.5.6.6 NAME 'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword $ CustomAttr) X-ORIGIN 'RFC 2256' )
    objectclasses: ( 2.5.6.6 NAME   'person' DESC 'Standard LDAP objectclass' SUP top MUST ( sn $ cn ) MAY ( description $ seeAlso $ telephoneNumber $ userPassword $ CustomAttr) X-ORIGIN 'RFC 2256    ' )
    That's the reason why it is safe to delete previous value if you want to update an existing objectclass. No problem to add a new objectclass (new oid and new name) to the schema.
    -Sylvain

  • OAM 10g attribute is not visible in object class in Identity System console

    Hi All,
    This is about OAM 10g environment with OID used as user/config/policy store. There are one custom user object class and custom attributes defined in Identity System console already. Now there is a requirement to add another custom attribute to that already existing custom user object class.
    I have created the attribute in schema through ldap command and I am able to see it in LDAP browser as well. However even after restarting OAM identity server and webpass services, the attribute is not visible in Identity System console -> Common Configuration -> Objectclasses -> Custom object class.
    Appreciate any help. Please treat this as urgent.
    Thanks
    Mahendra.

    The solution is to add the attributes in OVD schema as OVD is the user store.

  • Custom object classes and access rights

    Hi,
    I have added a few object classes to the NDS schema; objects
    belonging to one of them should be able to authenticate against the
    directory and retrieve some attributes. I managed the login part having
    the class inherit from ndsLoginAttributes, but if I login as the object
    itself, I can't retrieve any attributes. I can browse the entry (it's a
    container), but all I get are DNs and objectclass attributes. Is there a
    way to grant the object the right to retrieve its own attributes, or
    some of them, through the Java LDAP interface?
    Thanks,
    Juan
    jheguia
    jheguia's Profile: http://forums.novell.com/member.php?userid=84575
    View this thread: http://forums.novell.com/showthread.php?t=415769

    Hello,
    I found a solution which is *almost* the right one. Basically I
    deleted the class and created it again with a default ACL:
    X-NDS_ACL_TEMPLATES ( '2# subtree#[Self]#[All Attributes Rights]' )
    This allows the object to do as it pleases with its own attributes. I'd
    prefer it to be only able to read them, but I haven't found a syntax for
    ACLs. Is there anything I can read to see how to fine tune the access
    rights templates?
    Thanks,
    Juan
    jheguia

  • Add user validation in create user form during Configure User Object Classe

    Hi friends,
    I would like to add user validation code (JavaScript or PL/SQL) to the create user form during Configure User Object Classes.
    Is there any way to pick up user information and role assignment for validation on the Portal side?
    Or a pre-event in OID provisioning before loading LDAP?
    We would like to do a role assignment validation, but Portal does not have this function.
    TOM, Any suggestion?
    Thanks!!

    after study, portal form --LOVGroupSearch take a  role search and display user name  for select role.
    Who know we are can find system object LOVGroupSearch in portal or OID?
    the source SCR as /oiddas/ui/oracle/ldap/das/search/LOVGroupSearch?title=Role%3Fredirect=/oiddas/ui/oracle/ldap/das/search/LOVGroupSearch%3Ftitle=Role
    When we search a role and added it. selected role appears in form Search and Select:.
    When click role name in Search and Select form. system will display Group Members and group owner.
    Who can find the code behind this form or similar PL/SQL code?
    Thanks!!

  • Needed object class for Reconciliation of OID groups?

    Hi,
    When I run OID Connector Group Lookup Reconciliation I only get the groups that have the object class *'groupOfUniqueNames'*. All the rest of the groups are not reconciled into the Lookup.OID.Group lookup.
    The problem is that I can't modify all those groups that don't have this object class.
    The groups that I can't get actually have these object classes:
    top
    groupOfNames
    Is it possible to modify OID Connector Group Lookup Reconciliation to get all groups?
    Thanks in advance.
    regards.
    Edited by: Daniel Cermeño on Sep 14, 2012 2:59 PM
    Edited by: Daniel Cermeño on Sep 14, 2012 4:06 PM

    It's a matter of setting the right LDAP filter in the scheduled task. Find out what is required to fetch all the groups from OID using an LDAP browser or something else.
    And then simply use the same ldap filter in OID Group look up recon ST.
    try with (objectclass=group)
    Thanks
    Suren

  • Directory Editor adding object classes to the Extensions Tab

    I'm using Sun's Directory Editor web based product. Under the extensions tab lists the object classes you can add (obviously there are only a select few there). I would like to have shadowAccount available there. I have went through the installation and configuration guide but can't find how to do this. Just wondering if anyone knows how to add custom object classes to this tab.

    I'm using Sun's Directory Editor web based product.
    Under the extensions tab lists the object classes you
    can add (obviously there are only a select few
    there). I would like to have shadowAccount available
    there. I have went through the installation and
    configuration guide but can't find how to do this.
    Just wondering if anyone knows how to add custom
    object classes to this tab.
    this link has such an example:
    http://blogs.sun.com/kevlar/entry/directory_editor_tips
    Disclaimer: that's my feedback under the blog post. I'm trying to figure out how to use DE to maintain an extended schema that includes migrated NIS maps. The overall goal is to migrate from NIS to LDAP as a naming service AND create realistically easy method for day-to-day administration (constantly using the console is out of the question). I believe DE might provide a solution, if custom forms can be figured out. It's been very slow going.
    Does anyone else have examples of modifying Directory Editor forms? Any help would be appreciated.
    Thanks,
    Ron
