4 Replies Latest reply on Dec 5, 2006 5:20 PM by 807573

    Unable to create Users in LDAP - Object class violation

    807573
      I'm unable to create users under any organization through AM console. I'm getting the following error in amProfile_ldap.

      12/04/2006 10:19:03:585 AM CST: Thread[service-j2ee-2,5,main]
      WARNING: DirectoryServicesImpl.createUser(): Internal Error occurred. Unable to create User Entry
      com.iplanet.ums.UMSException: Unable to add the entry "uid=scott,ou=People,o=testorg,dc=test,dc=com"::null. Root exception is
      netscape.ldap.LDAPException: error result (65); Object class violation
      at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4866)
      at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2851)
      at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2866)
      at netscape.ldap.LDAPConnection.add(LDAPConnection.java:2816)
      at com.iplanet.ums.DataLayer.addEntry(DataLayer.java:432)
      at com.iplanet.ums.PersistentObject.addChild(PersistentObject.java:722)
      at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.createUser(DirectoryServicesImpl.java:998)
      at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.createEntry(DirectoryServicesImpl.java:1490)
      at com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.createEntry(CachedDirectoryServicesImpl.java:349)
      at com.iplanet.am.sdk.AMObjectImpl.create(AMObjectImpl.java:1001)
      at com.iplanet.am.sdk.AMPeopleContainerImpl.createUsers(AMPeopleContainerImpl.java:190)
      at com.iplanet.am.console.user.model.UMCreateUserModelImpl.createUser(UMCreateUserModelImpl.java:356)
      at com.iplanet.am.console.user.UMCreateUserViewBean.createUser(UMCreateUserViewBean.java:490)
      at com.iplanet.am.console.user.UMCreateUserViewBean.handleBtnCreateRequest(UMCreateUserViewBean.java:368)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
      at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
      at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
      at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
      at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
      at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
      at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
      at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
      at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
      at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
      at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
      12/04/2006 10:19:03:597 AM CST: Thread[service-j2ee-2,5,main]
      In CachedDirectoryServicesImpl.getAttributes(SSOToken entryDN, attrNames, ignoreCompliance, byteValues) (cn=dsameuser,ou=dsame users,dc=test,dc=com, o=testorg,dc=test,dc=com, [sunRegisteredServiceName], true, false method.
      12/04/2006 10:19:03:598 AM CST: Thread[service-j2ee-2,5,main]
      CachedDirectoryServicesImpl.getAttributes(): found all attributes in Cache.
      12/04/2006 10:19:03:598 AM CST: Thread[service-j2ee-2,5,main]
      DirectoryServicesImpl.getRegisteredServiceNames() Registered Service Names for entryDN: o=testorg,dc=test,dc=com are: [iPlanetAMSessionService, iPlanetAMAuthMembershipService, iPlanetAMAdminConsoleService, iPlanetAMAuthService, iPlanetAMPolicyConfigService, iPlanetAMAuthLDAPMultiService, iPlanetAMUserService, iPlanetAMAuthAnonymousService, iPlanetAMAuthConfiguration, iPlanetAMAuthLDAPService, SunPortalDesktopService, sunAMAuthSAMLService, srapGatewayAccessService]
      12/04/2006 10:19:03:599 AM CST: Thread[service-j2ee-2,5,main]
      CachedDirectoryServicesImpl.getOrganizationDN() - looping Organization DN for entry: o=testorg,dc=test,dc=com
      12/04/2006 10:19:03:600 AM CST: Thread[service-j2ee-2,5,main]
      CachedDirectoryServicesImpl.getOrganizationDN(): found OrganizationDN: o=testorg,dc=test,dc=com for: o=testorg,dc=test,dc=com
      12/04/2006 10:19:03:631 AM CST: Thread[service-j2ee-2,5,main]
      CachedDirectoryServicesImpl.doesEntryExist(): entryDN: uid=amAdmin,ou=People,dc=test,dc=com found in cache & exists: true
      12/04/2006 10:19:03:642 AM CST: Thread[service-j2ee-2,5,main]
      CachedDirectoryServicesImpl.getOrganizationDN() - looping Organization DN for entry: o=testorg,dc=test,dc=com
      12/04/2006 10:19:03:642 AM CST: Thread[service-j2ee-2,5,main]
      CachedDirectoryServicesImpl.getOrganizationDN(): found OrganizationDN: o=testorg,dc=test,dc=com for: o=testorg,dc=test,dc=com

      I'm really not sure what change caused this to happen. I can't import any user-specific LDIF files through the DS console either. I would appreciate it if somebody could guide me on how to correct this.

      Thanks in advance,
      lakshmi
        • 1. Re: Unable to create Users in LDAP - Object class violation
          807770
          Root exception is netscape.ldap.LDAPException: error result (65); Object class violation
          The user you're trying to create has some data that is not allowed, or is missing required data.

          Look over the objectClasses associated with your user objects, and verify that you're providing all required attributes. For example, if your users have objectClass: inetOrgPerson, you might be omitting the 'sn' (surname) attribute, which is required for inetOrgPerson objects.

          If you examine the error log on your directory server, it should have details as to what caused the object class violation.
          • 2. Re: Unable to create Users in LDAP - Object class violation
            807573
            Thanks for the quick response. I looked into the DS logs. Following are the exception details:
            [04/Dec/2006:14:11:58 -0600] - ERROR<5894> - Schema - conn=1 op=3202 msgId=3349 - User error: Entry "uid=scott,ou=People,o=testorg,dc=test,dc=com" has unknown object class "sunamauthaccountlockout"

            But I'm trying to create the User from AM console where there is no attribute for AccountLockout. Can you help me find how to correct this?
            • 3. Re: Unable to create Users in LDAP - Object class violation
              807770
              That message means the server doesn't know what a "sunAmAuthAccountLockout" object is. In other words, the Sun Access Manager schema has not been added to your directory server.

              The Access Manager docs should tell you how to get the schema onto your directory server.
              • 4. Re: Unable to create Users in LDAP - Object class violation
                807573
                I fixed the issue. Actually there were two things missing in the directory schema.
                1. sunAMAuthAccountLockout object class
                2. sunAMAuthInvalidAttemptsData. This is an attribute that the above object class requires.

                So I created them in the directory server and that fixed the issue. But I don't know why these things were not present in the first place.
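
The checks discussed in this thread (unknown object class, missing required attribute, attribute not allowed) can be run against an entry before it is sent to the server. The following is an added example, not part of the original posts and not Access Manager or Directory Server code: the schema lines are a constructed, abridged excerpt, the `sunAMAuthAccountLockout` definition uses a placeholder OID and an assumed `MAY` list, and the function names are hypothetical.

```python
import re

# Constructed schema excerpt in RFC 4512 objectClasses syntax (attribute lists abridged).
BASE = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( uid $ mail $ givenName ) )",
]
# Assumed shape of the definition the thread found missing: the OID is a placeholder
# and MAY is an assumption. Take the real line from the Access Manager schema files.
LOCKOUT = "( OID-PLACEHOLDER NAME 'sunAMAuthAccountLockout' SUP top AUXILIARY MAY sunAMAuthInvalidAttemptsData )"

def load_schema(definitions):
    """Parse objectClasses definitions into {name: {sup, must, may}}."""
    schema = {}
    for d in definitions:
        def attrs(keyword):
            m = re.search(keyword + r"\s+(?:\(([^)]*)\)|([\w-]+))", d)
            return {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")} if m else set()
        sup = re.search(r"\bSUP\s+([\w-]+)", d)
        name = re.search(r"NAME\s+'([^']+)'", d).group(1).lower()
        schema[name] = {"sup": sup.group(1).lower() if sup else None,
                        "must": attrs("MUST"), "may": attrs("MAY")}
    return schema

def violations(entry, schema):
    """List the reasons a directory server would answer an add with result code 65."""
    entry = {k.lower(): v for k, v in entry.items()}
    problems, must, allowed = [], set(), set()
    for oc in entry.get("objectclass", []):
        cur = oc.lower()
        if cur not in schema:
            problems.append(f'unknown object class "{cur}"')
        while cur in schema:  # follow SUP so inherited MUST/MAY attributes count
            must |= schema[cur]["must"]
            allowed |= schema[cur]["must"] | schema[cur]["may"]
            cur = schema[cur]["sup"]
    problems += [f'missing required attribute "{a}"' for a in sorted(must - set(entry))]
    problems += [f'attribute "{a}" not allowed' for a in sorted(set(entry) - allowed)]
    return problems

# Constructed entry modelled on the DN in the thread; "sn" is deliberately absent.
ENTRY = {"objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson",
                         "sunAMAuthAccountLockout"],
         "uid": ["scott"], "cn": ["scott"]}

if __name__ == "__main__":
    for label, defs in (("before", BASE), ("after", BASE + [LOCKOUT])):
        print(label, violations(ENTRY, load_schema(defs)))
```

With only the base schema loaded, the first finding matches the Directory Server log message quoted in reply 2; once the missing definition is added, only the `sn` case from reply 1 remains.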