[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
- From: hyc@symas.com
- Date: Thu, 23 May 2013 14:31:45 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
pa@marcelot.net wrote:
> Full_Name: Pierre-Arnaud Marcelot
> Version: 2.4.35
> OS: Linux Mint
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (78.226.4.211)
>
>
> Hi,
>
> It looks like it's not possible to modify the 'objectClass' attribute of
> configuration entries.
Correct. The config DIT has very rigid schema and layout rules.
> I have some code generating entries for OpenLDAP configuration from a UI utility
> and updating existing configuration entries in DIT.
> This code generates entries with the 'objectClass' attribute containing the full
> object class hierarchy (all the way to 'top') and not only the highest
> structural object class (which is the case of default OpenLDAP configuration).
>
> When updating the configuration in the DIT, the code then tries to complete the
> 'objectClass' attribute with the full list of object classes.
> That operations ends with "error code 53- UnwillingToPerform".
Don't do that.
> Here's an example on the "cn=config" entry:
> #!RESULT ERROR
> #!CONNECTION ldap://10.211.55.13:389
> #!DATE 2013-05-22T14:56:03.039
> #!ERROR [LDAP: error code 53 - UnwillingToPerform]
> dn: cn=config
> changetype: modify
> replace: objectClass
> objectClass: olcConfig
> objectClass: olcGlobal
> objectClass: top
> -
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/