« Reloading Linux - How hard could it be? | Main | Steve's Election Analysis - Nov 6, 2006 »

October 25, 2006

"user-defined ObjectClass has inappropriate SUPerior"

This is mainly written for Google.

I've been engaged in building a custom LDAP directory with OpenLDAP on a Linux system, and it's been pretty slow slogging. The net is full of resources for how to use LDAP for authentication, or to hook a mailserver into an existing directory, but very little for building entirely new systems from scratch. "Schema design" is going to be mostly self taught.

Though I could do what I want with MySQL, I really believe that a hierarchical, nonrelational system is a better fit to my application, (particularly because of better distributed, partitionable replication) but I still have a long learning curve ahead of me.

I had one particular error when defining a schema, and Google did not help me, so I'll plant the resolution here for the next one down this road.

After creating a schema to define the object of interest, trying to start the server produced an error message: 

user-defined ObjectClass has inappropriate SUPerior

I'm defining a network device to be monitored, and that includes a whole raft of attributes. Hostname, IP address, description, parameters to various types of monitoring, and so on. This also includes SNMP credentials to make these queries. 

objectclass ( myObjectClass:1
    NAME 'mySnmpCredentials'
    DESC 'All the stuff needed to access SNMP'
    AUXILIARY
    MAY ( mySnmpVersion
        $ mySnmpCommunity
        $ mySnmpUseTCP
        $ mySnmpAuthKey
        $ mySnmpEncrKey ) )

objectclass ( myObjectClass:2
    NAME 'myDevice'
    DESC 'A monitored device'
    SUP ( top $ mySnmpCredentials ) STRUCTURAL
    MUST ( cn $ myHostname )
    MAY ( myEnabled
        $ myDescription
        $ myComments
        $ myDnsIPAddress
        $ myDnsAliases
        $ myDnsTxtRecord
        $ myBGPRouteCountType
        $ myBGPRouteCountEnabled ) )

Though a myDevice object works fine when all the attributes are provided in a long list, attempting to abstract out the SNMP credentials (which are likely to be used elsewhere in this same form) produced the above error.

It turns out that using AUXILIARY for the mixin object is responsible for this: changing it to ABSTRACT fixed it right up.

It's not entirely clear to me what the difference is between STRUCTURAL and AUXILIARY object types, and it appears that some servers don't enforce a distinction.

Posted by steve at October 25, 2006 08:23 AM

Comments

Steve,

Structural classes are used to create instance of an object in LDAP directory.

Auxiliary classes are some kind of containers with attributes which can be used to extend structurall classes with additional attributes.
You can add many different aux classess to structurall class definition if You want to extend it with some attributes.

This is very simple and maybe not very accurate (technically) description but I think it shows the idea behind structural and aux classess.

Posted by: Tomek Onyszko at October 27, 2006 12:54 PM