Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
jleseberg
New Member.
695 views

eDirectory Corrupted Schema

We have eDirectory version 8.8 SP8 Patch 11 running on RHEL 6.10 and the schema recently got updated with classes and attributes that we think were added by the LDAP version of Designer 4.6.2. The schema has duplicate attributes and classes that contain a dash. The schema has the normal Tree Root class but a class named Tree-Root got added to the schema with the same ASN1 ID (2.16.840.1.113719.1.1.6.1.32) number as Tree Root. There are 6 other classes that show they can be contained by the Tree-Root class. We have attempted to update the 6 classes so they no longer can be contained by Tree-Root but that process fails.

We also have imported the schema from an environment that does not contain the Tree-Root class but it does not remove Tree-Root.

Are there any suggestions on how we can remove the Tree-Root class and other classes that were added with the dash?
Labels (1)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: eDirectory Corrupted Schema

On 11/15/2018 01:14 PM, jleseberg wrote:
>
> We have eDirectory version 8.8 SP8 Patch 11 running on RHEL 6.10 and the
> schema recently got updated with classes and attributes that we think
> were added by the LDAP version of Designer 4.6.2. The schema has
> duplicate attributes and classes that contain a dash. The schema has
> the normal Tree Root class but a class named Tree-Root got added to the
> schema with the same ASN1 ID (2.16.840.1.113719.1.1.6.1.32) number as
> Tree Root. There are 6 other classes that show they can be contained by
> the Tree-Root class. We have attempted to update the 6 classes so they
> no longer can be contained by Tree-Root but that process fails.


How did you first notice this? It seems incredibly unlikely that Designer
"corrupted schema", though of course IDM does add schema from time to time
like any application.

> We also have imported the schema from an environment that does not
> contain the Tree-Root class but it does not remove Tree-Root.


Importing brings in new, but does not necessarily take out old, so this is
expected.

> Are there any suggestions on how we can remove the Tree-Root class and
> other classes that were added with the dash?


I'd still like to know why you want to remove these, and how you are
seeing them? Is this visible from iManager, or are you only seeing these
via LDAP tools like Apache Directory Studio? What does iMonitor show with
regard to eDirectory schema? Have a screenshot you can post somewhere for
review?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Highlighted
jleseberg
New Member.

Re: eDirectory Corrupted Schema

A developer was attempting to run a test and received a schema violation error. We then looked at the schema to see if there was anything that looked different from our production environment. This happened after the LDAP version of Designer 4.6 was used to deploy to eDirectory.

We are able to see the classes in iManager, iMonitor, and in Apache DS. We identified 6 classes that show Tree-Root and Tree Root as can be contained by, they are:
Country
Organization
Domain
ASAM-systemContainer
Audit:File Object
SAS:Security

The following link has screenshots of the Tree-Root, Tree Root, and Country classes from iManager: https://imgur.com/a/wOKUWrI
0 Likes
Knowledge Partner
Knowledge Partner

Re: eDirectory Corrupted Schema

At least it's not flagged "non-removable". If this is not elucidated by early next week i'll sacrifice a lab-tree...
0 Likes
jtl1 Absent Member.
Absent Member.

Re: eDirectory Corrupted Schema

On 2018-11-16 17:54, jleseberg wrote:
>
> A developer was attempting to run a test and received a schema violation
> error. We then looked at the schema to see if there was anything that
> looked different from our production environment. This happened after
> the LDAP version of Designer 4.6 was used to deploy to eDirectory.
>
> We are able to see the classes in iManager, iMonitor, and in Apache DS.
> We identified 6 classes that show Tree-Root and Tree Root as can be
> contained by, they are:
> Country
> Organization
> Domain
> ASAM-systemContainer
> Audit:File Object
> SAS:Security
>
> The following link has screenshots of the Tree-Root, Tree Root, and
> Country classes from iManager: https://imgur.com/a/wOKUWrI
>
>

There is nothing wrong with that. They are all object types that can be created directly at the top level (tree root). The
schema violation error that one of your developers get is probably related to something else. I suggest that you turn on LDAP in
the eDirectory trace and look for a more detailed error or try to break down the LDAP operation into smaller pieces to identify
the root cause.

Best regards,
Tobias

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.