I recently saw an OID installation that had a corrupt ObjectClass. It appeared to have a name of just ‘(‘, simply a left parenthesis:



After some digging, the original LDIF import was found with the bad objectclass definition:

objectclasses=(  NAME ( 'ontorganization' ) DESC 'User Defined ObjectClass' STRUCTURAL SUP ( top ) MUST ( cn ) MAY ( c $ companyName $ l $ organizationuid $ ontauthztransaction $ ontvalidobject $ postalCode $ productdn $ st $ street $ uniqueMember $ XLSGRPAPRVIND $ XLSGRPEMAILADDR $ XLSGRPLGNATMPTCNT $ XLSGRPNAME $ XLSGRPNBR $ XLSLGNATMPTCNT $ ontimmedparentorg ) )

Note the NAME entry, it should not contain parenthesis around it, it should be “…NAME ‘ontorganization’ …”

Trying to delete this corrupt objectclass through normal means did not work (ODSM, LDIF, etc…). Time to hit the DB.

Opening up the OID database schema (ODS), we know that the objectclasses are part of the subschemasubentry entry. We also know that ObjectClasses are really just attributes of this entry; they are stored in a multi-valued attribute called objectclasses. So we need to find all the attributes of the subschemasubentry entry.

First, we need to find the EntryID for the cn=subschemasubentry entry. We know the CN is ‘subschemasubentry’ so let’s run this query:

select * from ct_cn where attrvalue = 'subschemasubentry';

The results here should be the same for everyone, but in my case, ENTRYID is 2.

Screen Shot 2014-10-02 at 2.12.46 PM


Next we have to find the list of values for the ‘objectclasses’ attribute for this entry so we run this query:

select * from ds_attrstore where entryid=2 and attrname='objectclasses';
Screen Shot 2014-10-02 at 2.15.37 PM


The results look very familiar, exactly what you would see when defining the objectclass through LDIF. Scrolling through this list, we find the bad entry:



All we do  now is simply UPDATE this with the correct text, commit, and bounce OID. Now our objectclass looks normal and can be deleted if necessary.

Obviously, take all necessary precautions when doing things at the DB level.