Description
It's not possible to delete an objectClass with an mandatory attribute from an entry. In my example I tried to delete object Class krb5Principal and attribue krb5PrincipalName in one request:
--------------------------------------------------
dn: cn=test,ou=users,ou=system
changetype: modify
delete: krb5PrincipalName
-
delete: objectClass
objectClass: krb5Principal
-
--------------------------------------------------
Here is ther server's log:
-------------------------------------------------------------
[11:16:22] ERROR [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler] - OBJECT_CLASS_VIOLATION: failed for Modify Request
Object : '2.5.4.3=test2,2.5.4.11=users,2.5.4.11=system'
Modification[0]
Operation : delete
Modification
krb5principalname: (null)
Modification[1]
Operation : delete
Modification
objectclass: krb5Principal
: Attribute krb5PrincipalName not declared in objectClasses of entry cn=test2,ou=users,ou=system
org.apache.directory.shared.ldap.exception.LdapSchemaViolationException: Attribute krb5PrincipalName not declared in objectClasses of entry cn=test2,ou=users,ou=system
at org.apache.directory.server.core.schema.SchemaInterceptor.assertAllAttributesAllowed(SchemaInterceptor.java:1861)
at org.apache.directory.server.core.schema.SchemaInterceptor.check(SchemaInterceptor.java:1692)
at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1424)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1209)
at org.apache.directory.server.core.operational.OperationalAttributeInterceptor.modify(OperationalAttributeInterceptor.java:198)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1209)
at org.apache.directory.server.core.exception.ExceptionInterceptor.modify(ExceptionInterceptor.java:367)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1209)
at org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.modify(DefaultAuthorizationInterceptor.java:272)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1209)
at org.apache.directory.server.core.authz.AciAuthorizationInterceptor.modify(AciAuthorizationInterceptor.java:565)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1209)
at org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:337)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.modify(InterceptorChain.java:1209)
at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:127)
at org.apache.directory.server.core.interceptor.InterceptorChain.modify(InterceptorChain.java:814)
at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:289)
at org.apache.directory.server.core.DefaultCoreSession.modify(DefaultCoreSession.java:419)
at org.apache.directory.server.ldap.handlers.ModifyHandler.handleIgnoringReferrals(ModifyHandler.java:58)
at org.apache.directory.server.ldap.handlers.ModifyHandler.handleIgnoringReferrals(ModifyHandler.java:40)
at org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler.handleWithReferrals(ReferralAwareRequestHandler.java:442)
at org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler.handle(ReferralAwareRequestHandler.java:150)
at org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler.handle(ReferralAwareRequestHandler.java:66)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.messageReceived(LdapRequestHandler.java:171)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.messageReceived(LdapRequestHandler.java:46)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:141)
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:181)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:180)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
--------------------------------------------------
BTW: It's no problem to add a new objectClass with a mandatory attribute to an entry:
--------------------------------------------------
dn: cn=test,ou=users,ou=system
changetype: modify
add: objectClass
objectClass: krb5Principal
-
add: krb5PrincipalName
krb5PrincipalName: test
-
--------------------------------------------------