wilhelmm Absent Member.
Absent Member.
888 views

Object CLass Violation / SSPR 4.1.0.2

Hey guys,

we have a problem with our new SSPR Appliance. We get the following error:

ERROR, ldap.LdapOperationsHelper, {#,health} error adding objectclass 'pwmUser' to user cn=****,ou=****,o=****: com.novell.ldapchai.exception.ChaiOperationException: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - NDS error: object class violation (-628)]

We set up the appliance with the nds-admin user. If i set up the Challenge Response with my admin-equivalent user it works. But if i login with on of my dummy users it doesn´t work (same error as above).

The setup showed no error. We tested the same installation in our test-environment.

thx
Mike
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: Object CLass Violation / SSPR 4.1.0.2

It may be useful to get a trace of LDAP traffic from the eDirectory side
during this entire operation. Presumably, since it works with one user,
your schema was properly extended for pwmUser, which is good, but perhaps
something about the process of applying it to the broken user did not go
well. This is an aux class, so it should be able to be applied to any
object when necessary, and SSPR should know when to apply it and do so
accordingly. Perhaps a rights problem prevented that at some point, which
may point to a misconfiguration in SSPR, or perhaps there is something
else with your environment. Either way, a trace may help:


# The following two lines are in a shell, then the rest in ndstrace itself
ldapconfig set 'LDAP Screen Level=all'
ndstrace

set dstrace=nodebug
dstrace +time +tags +ldap
set dstrace=*m9999999
dstrace file on
set dstrace=*r
#perform test in SSPR here
dstrace file off
quit


The default file location is /var/opt/novell/eDirectory/log/ndstrace.log

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: Object CLass Violation / SSPR 4.1.0.2

On 3/28/2017 3:36 AM, wilhelmm wrote:
>
> Hey guys,
>
> we have a problem with our new SSPR Appliance. We get the following
> error:
>
> ERROR, ldap.LdapOperationsHelper, {#,health} error adding objectclass
> 'pwmUser' to user cn=****,ou=****,o=****:
> com.novell.ldapchai.exception.ChaiOperationException:
> javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
> NDS error: object class violation (-628)]
>
> We set up the appliance with the nds-admin user. If i set up the
> Challenge Response with my admin-equivalent user it works. But if i
> login with on of my dummy users it doesn�t work (same error as above).
>
> The setup showed no error. We tested the same installation in our
> test-environment.


If it works for Admin and not user, then possibly there is a permission
issue, and it is trying to add an attribute but without the aux class,
since it might have permission to the attribute but not the aux class?


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.