Environment
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory
Situation
When trying to rename a user via LDAP, error -609 ('Missing Mandatory') is returned. No attributes are being removed and no classes with mandatory attributes are being added.
This happens when the rename changes the naming attribute, for example renaming the object cn=test000001,o=novell,dc=org to uid=test000001,o=novell,dc=org. A rename where only the value of the naming attribute changes does not have this problem.
Resolution
With the LDIF samples listed below, this can happen in the first scenario because of the line 'deleteoldrdn: 1', which states that, during the rename, the old name of the object should be removed from the object. With a normal rename, where the name of the object is just changing values (test0 to test1), this is not a problem and is usually desired, because otherwise you have multiple values in the CN (in this case) attribute. While this is a legal feature of directories, some applications become confused when there are multiple values in the CN attribute.
In the case of the sample below, the naming attribute itself is changing from CN to UID (uniqueid), which is a separate attribute altogether. Leaving in the 'deleteoldrdn: 1' line tells LDAP to remove the CN value, which is normal. The problem in this case is that the CN probably has only one value, and removing it breaks the class, because CN is a mandatory attribute for the User class. With this in mind, this error should not show up when there are already multiple CNs on an object, and should not show up when 'deleteoldrdn: 0' is substituted for the current last line. It will also not show up if you are renaming from UID to CN, because UID is not a mandatory attribute for the User class and CN is. This could happen for other attributes on other object classes. See eDirectory's schema for details.
Additional Information
# Original broken LDIF contents (naming attribute changes)
dn: cn=test000001,o=novell,dc=org
changetype: modrdn
newrdn: uid=test000001
deleteoldrdn: 1

# Original working LDIF contents (naming attribute stays 'cn' and value of that attribute changes)
dn: cn=test000001,o=novell,dc=org
changetype: modrdn
newrdn: cn=test000002
deleteoldrdn: 1

# New working LDIF contents (naming attribute changes, original attribute value is left alone).
dn: cn=test000001,o=novell,dc=org
changetype: modrdn
newrdn: uid=test000001
deleteoldrdn: 0
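
A pre-flight check for the condition described above, as an added example that is not part of the original document or of any Novell tooling: it scans an LDIF file for modrdn records that change the naming attribute, set 'deleteoldrdn: 1', and would delete an attribute that is mandatory for the class. The function names, the MANDATORY set (only CN on User is confirmed by this document) and the sample DNs are assumptions; it expects plain, unfolded, non-base64 records without escaped commas in the DN.

```python
# Added example: flag LDIF modrdn records that can trigger error -609.
# Assumption: MANDATORY lists attributes mandatory for the object class.
# Only CN on the User class is stated by the document.
MANDATORY = {"cn"}

def rdn_attr(rdn):
    """Return the lower-cased attribute type of an RDN such as 'cn=test'."""
    return rdn.split("=", 1)[0].strip().lower()

def parse_records(ldif_text):
    """Split LDIF text into blank-line separated records, skipping comments."""
    records, current = [], {}
    for line in ldif_text.splitlines() + [""]:  # trailing "" flushes last record
        line = line.strip()
        if line.startswith("#"):
            continue
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower()] = value.strip()
    return records

def risky_renames(ldif_text, mandatory=MANDATORY):
    """Return DNs where the naming attribute changes, the old RDN value is
    deleted, and the old naming attribute is mandatory for the class."""
    flagged = []
    for rec in parse_records(ldif_text):
        if rec.get("changetype") != "modrdn":
            continue
        old_attr = rdn_attr(rec.get("dn", "").split(",", 1)[0])
        new_attr = rdn_attr(rec.get("newrdn", ""))
        deletes_old = rec.get("deleteoldrdn") == "1"
        if old_attr != new_attr and deletes_old and old_attr in mandatory:
            flagged.append(rec["dn"])
    return flagged

# Constructed sample input mirroring the three cases in this document.
SAMPLE = """\
# naming attribute changes, old value deleted
dn: cn=test000001,o=novell,dc=org
changetype: modrdn
newrdn: uid=test000001
deleteoldrdn: 1

# only the value changes
dn: cn=test000002,o=novell,dc=org
changetype: modrdn
newrdn: cn=test000003
deleteoldrdn: 1

# naming attribute changes, old value kept
dn: cn=test000004,o=novell,dc=org
changetype: modrdn
newrdn: uid=test000004
deleteoldrdn: 0
"""

if __name__ == "__main__":
    for dn in risky_renames(SAMPLE):
        print("may fail with -609 if the old attribute is single-valued:", dn)
```

A flagged record only fails when the old naming attribute holds a single value on the object, so confirm against the directory before changing the LDIF to 'deleteoldrdn: 0'.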