[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy

Full_Name: Pierre-Arnaud Marcelot
Version: 2.4.35
OS: Linux Mint 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


It looks like it's not possible to modify the 'objectClass' attribute of
configuration entries.

I have some code generating entries for OpenLDAP configuration from a UI utility
and updating existing configuration entries in DIT.
This code generates entries with the 'objectClass' attribute containing the full
object class hierarchy (all the way to 'top') and not only the highest
structural object class (which is the case of default OpenLDAP configuration).

When updating the configuration in the DIT, the code then tries to complete the
'objectClass' attribute with the full list of object classes.
That operations ends with "error code 53- UnwillingToPerform".

Here's an example on the "cn=config" entry:
#!CONNECTION ldap://
#!DATE 2013-05-22T14:56:03.039
#!ERROR [LDAP: error code 53 - UnwillingToPerform]
dn: cn=config
changetype: modify
replace: objectClass
objectClass: olcConfig
objectClass: olcGlobal
objectClass: top