Jon Roberts wrote:
Jehan PROCACCIA wrote:
I'am surprise that I cannot add or replace to an existing object a
new objectclass in the same hierarchie of class !?
Can I do that without deleting the object and recreate it from
scratch :-( ?.
AFAIK, no... not since the tighter schema checking that came with 2.1.
Back in 2003 I initiated an overlong thread on this list about how
OpenLDAP prevented me from extending person entries to use
organizationalperson by modifying the objectclass attribute. Since
then it's been "delete and readd" as you say.
Do you remember the subject of that thread, I would like to read it from
the archive.
The problem here is that the objeclass person and oranizationalPerson
are in the same structural Chain, futhermore, it is exactly the sample
proposed on that subject in the openldap FAQ and it is supossed to be
possible to have both ; from
http://www.openldap.org/faq/data/cache/883.html "Thus, it is OK for an
objectClass attribute to contain /inetOrgPerson/, /organizationalPerson/,
and /person/ because they inherit one from another to form a single
superclass chain. That is, /inetOrgPerson/ SUPs /organizationPerson/ SUPs
/person/."
I must admit that I'am lost, did I forgot something ?
I repost my "bad(?)" experience:
Here's my sample object on which I want to add the objectclass
organizationalPerson
dn: sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr
objectClass: person
cn: Communication and Image
sn: CITI
$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D
cn=admin,dc=int-evry,dc=fr -W -x
modifying entry "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr"
ldap_modify: Cannot modify object class (69)
additional info: structural object class modification from
'person' to 'organizationalPerson' not allowed