Unable to create DSfW users with MMC
This document (7003431) is provided subject to the disclaimer at the end of this document.
Novell Open Enterprise Server 2.0 SP1 (Linux Based)
Microsoft Management Console
MMC returns the following error message:
Error: The requested operation did not satisfy one or more constraints associated with the class of the object.
The problem can also also affect the creation of group objects and it can appear in other classes other than Person. In general, every Object class starting from User should have a reference to only one class in its Super Class list. The same applies to the Group class definition. This is not a general rule for all object classes, but it's what MMC expects to find when checking the schema definition of these particular classes. In other occasions where this problem has been seen, the User class had "Organizational Person" and "ndsLoginProperties" in its superclass list, when it was supposed to have only "Organizational Person". In the case of Group, this class definition had both "ndsLoginProperties" and "Top" (but only Top should be listed).
The error is shown in the following error message:
3063749536 MISC: [2009/05/12 12:40:08.922] FixObjectClass: Object Class has .ndsLoginProperties.[Class Definitions].[Schema Root]
3063749536 MISC: [2009/05/12 12:40:08.922] FixObjectClass: more than one effective class, unable to determine baseclass failed, object class violation (-628)
To check for the current schema definition using ldapsearch use the following command: "ldapsearch -x -b cn=schema -s base objectclasses=person", which returns the following output:
objectClasses: ( 184.108.40.206 NAME 'Person' SUP ( Top $ ndsLoginProperties ) STRUCT
URAL MUST "..."
Make sure to run the the ldapsearch command locally on the DSfW Domain Controller, or by pointing to it.
This is the expected output for "ldapsearch -x -b cn=schema -s base objectclasses=person" is:
objectClasses: ( 220.127.116.11 NAME 'Person' SUP ndsLoginProperties STRUCTURAL MUST "..."
It's also possible to use iMonitor to check the schema definitions by using the "Schema"| "Base" option to check the base class definitions of the User and Group classes.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7003431
- Creation Date:03-JUN-09
- Modified Date:03-JUL-13
- NovellOpen Enterprise Server
Did this document solve your problem? Provide Feedback