RDN not allowed when an attribute of the group present also in the DN is changed

Description

During the renaming of a group, if the renamed attribute is also part of the DN, LDAP raises an exception.

```
javax.naming.directory.SchemaViolationException: [LDAP: error code 67 - NOT_ALLOWED_ON_RDN: failed for MessageType : MODIFY_REQUEST
Message ID : 66
    Modify Request
        Object : 'cn=testLDAPGroup,ou=groups,o=isp'
            Modification[0]
                Operation : replace
                Modification
owner: (null)
            Modification[1]
                Operation : replace
                Modification
description: (null)
            Modification[2]
                Operation : replace
                Modification
cn: testLDAPGroup2org.apache.directory.api.ldap.model.message.ModifyRequestImpl@9aac12bb: ERR_62 Entry cn=testLDAPGroup,ou=groups,o=isp does not have the cn attributeType, which is part of the RDN";]; remaining name 'cn=testLDAPGroup,ou=groups,o=isp'
Cause: [LDAP: error code 67 - NOT_ALLOWED_ON_RDN: failed for MessageType : MODIFY_REQUEST
```

With ldapmodify it's possible to rename the group:

```
dn: cn=aGroupForPropagation,ou=Groups,o=isp
changetype: moddn
newrdn: cn=aGroupForPropagation1
deleteoldrdn: 1
newsuperior: ou=Groups,o=isp
```

The solution is:

  1. Check the name of the attribute used in the DN

  2. Remove that attribute from the set to be sent to LDAP
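
The two steps above, sketched with the JDK's JNDI classes as an added example (not the project's own fix). The `RdnAwareModify` class, the `Plan` record and the `split` method are hypothetical names, the input is constructed from the error trace, and a single-valued RDN and Java 16+ are assumed:

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class RdnAwareModify {
    // Hypothetical holder: attributes safe for MODIFY, plus the new RDN if a rename is needed.
    record Plan(List<ModificationItem> modifications, Rdn newRdn) {}

    static Plan split(String entryDn, List<ModificationItem> requested) throws NamingException {
        LdapName dn = new LdapName(entryDn);
        Rdn current = dn.getRdn(dn.size() - 1); // leftmost RDN; index 0 is the rightmost
        List<ModificationItem> keep = new ArrayList<>();
        Rdn newRdn = null;
        for (ModificationItem item : requested) {
            Attribute attr = item.getAttribute();
            // Step 1: is this the naming attribute? LDAP attribute names are case-insensitive.
            if (!attr.getID().equalsIgnoreCase(current.getType())) {
                keep.add(item);
                continue;
            }
            // Step 2: drop it from the MODIFY set; a changed value becomes a rename instead.
            if (attr.size() > 0) {
                Rdn candidate = new Rdn(attr.getID(), attr.get());
                if (!candidate.equals(current)) {
                    newRdn = candidate;
                }
            }
        }
        return new Plan(keep, newRdn);
    }

    public static void main(String[] args) throws NamingException {
        // Constructed input mirroring the three modifications in the error trace above.
        List<ModificationItem> requested = List.of(
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("owner")),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("description")),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("cn", "testLDAPGroup2")));
        Plan plan = split("cn=testLDAPGroup,ou=groups,o=isp", requested);
        plan.modifications().forEach(m -> System.out.println("modify: " + m.getAttribute().getID()));
        System.out.println("rename to: " + plan.newRdn());
    }
}
```

Against a live directory, a non-null `newRdn` would be applied with `DirContext.rename` (the moddn operation shown in the LDIF), and the remaining modifications sent with `modifyAttributes`.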

Environment

None

Status

Assignee

Marco Di Sabatino Di Diodoro

Reporter

Marco Di Sabatino Di Diodoro

Labels

None

Fix versions

Affects versions

1.5.3

Priority

Major