Ctrl+K

Missing organization unit#

There are two attributes that are used to indicate which organization units (schools in primary and secondary education) the user is associated with.

  • eduPersonOrgUnitDN: Contains all organization units (schools in primary and secondary education) the user is associated with.

  • eduPersonPrimaryOrgUnitDN: Contains the primary organization unit (school in primary and secondary education) the user is associated with.

This error indicates that the user has both the eduPersonPrimaryOrgUnitDN- and the eduPersonOrgUnitDN-attribute, but that the value in eduPersonPrimaryOrgUnitDN-value is not present in the eduPersonOrgUnitDN-attribute. Either because the value is missing from eduPersonOrgUnitDN, or because the eduPersonPrimaryOrgUnitDN-value is incorrect.

Example#

A user was moved from “One school” to “Other school”, but the eduPersonPrimaryOrgUnitDN-value was not updated:

  • eduPersonOrgUnitDN: ou=Other school,cn=schools,dc=example,dc=org

  • eduPersonPrimaryOrgUnitDN: ou=One school,cn=schools,dc=example,dc=org

To fix this, update eduPersonPrimaryOrgUnitDN as well.

On this page