Overview#ObjectClass=unknown is an ObjectClass Type assigned to a LDAP Entry when all of the MUST AttributeTypes are not yet present for the ObjectClasses defined to create the entry.
Typically this happens when based Forward Reference when trying to maintain Referential Integrity. This could happen when a user DN is added to a Group but the user is not yet completed the Add Request.LDAP Container. In that case, the following cross platform procedure can be used.
- Start Imonitor
- Click on NDS iMonitor in the upper left corner of the frame. In the "NDS iMonitor Configuration" section, choose the 'Enabled' radio buttion and click on 'Submit'.
- Navigate to the object in question.
- Choose Advanced Options -> Mutate Entry. If this doesn't succeed, two error codes could be returned.
- MISSING MANDATORY (-609) - The mutate doesn't complete as a mandatory attribute for the class is missing, eg surname on a user object. In some cases, the attribute can be added via iManager or an ldif file.
- -603 (No Such Attribute) - The mutate doesn't complete as the UnknownBaseClass attribute is missing. Determine the appropriate class and add it via Imanager.
- Additional Advanced Options need to be added. Navigate to the object in question and add '&op=all' to the end of the URL.
- Choose Advanced Options -> Mark Entry New. (This removes the reference flag from the object and allows the changed to synch to the other servers.)
In some cases, the object still won't synch immediately. If this needs to be done, choose Advanced Options -> TimeStamp Entry.Replica and not on another, run Ndsrepair -P | Advanced Options | Repair Local Database | Check Local References on the databases with unknown objects.
Verify Schema Synchronization#...
More Information#There might be more information for this subject on one of the following:
- [#1] - Cross platform method to mutate unknown objects with iMonitor - based on information obtained 2018-03-29-