Problem: you get LDAP Error: Object class violation: invalid structural object class chain (person/univentionUserTemplate)


From a joinscript you get
LDAP Error: Object class violation: invalid structural object class chain (person/univentionUserTemplate)


For the extended attributes of users/user the settings/usertemplate are automatically taken over. Since settings/usertemplate has a structural object class (which already allows all attributes from person,inetOrgPerson,…) no further structural object class can be attached to the object.

The challange is to find the causing extended attribute.

udm settings/extended_attribute list
udm settings/usertemplate list
DN: cn=manager,cn=custom attributes,cn=univention,dc=schein,dc=intern
  CLIName: manager
  copyable: 0
  default: uid=schein,ou=Aktuell,ou=user,ou=schein.intern,dc=schein,dc=intern
  deleteObjectClass: 0
  disableUDMWeb: 0
  doNotSearch: 0
  fullWidth: 0
  groupName: Organisation
  groupPosition: None
  hook: None
  ldapMapping: manager
  longDescription: None
  mayChange: 1
  module: users/user
  multivalue: 0
  name: manager
  notEditable: 0
  objectClass: person
  overwritePosition: secretary
  overwriteTab: 0
  shortDescription: VorgesetzteR
  syntax: UserDN
  tabAdvanced: 0
  tabName: General
  tabPosition: 3
  translationGroupName: de_DE: Organisation
  translationTabName: de_DE: Allgemein
  valueRequired: 0
  version: 2

This custom attribute comes with the objectClass: person, which is the second, not allowed structual objectClass


The following patch can be used as workaround:

--- /usr/lib/python2.7/dist-packages/univention/admin/handlers/settings/    2021-02-02 20:46:15.442391000 +0100
+++ /usr/lib/python2.7/dist-packages/univention/admin/handlers/settings/ 2021-02-02 20:47:11.770391000 +0100
@@ -40,7 +40,7 @@
 translation = univention.admin.localization.translation('univention.admin.handlers.settings')
 _ = translation.translate
+BLACKLISTED_OBJECT_CLASSES = {b'inetOrgPerson', b'person', b'organizationalPerson'}
 module = 'settings/usertemplate'
 operations = ['add', 'edit', 'remove', 'search', 'move']