[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
From: pa@marcelot.net
Date: Thu, 23 May 2013 14:51:21 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

On 23 mai 2013, at 16:31, Howard Chu <hyc@symas.com> wrote:

> pa@marcelot.net wrote:
>> Full_Name: Pierre-Arnaud Marcelot
>> Version: 2.4.35
>> OS: Linux Mint
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (78.226.4.211)
>> 
>> 
>> Hi,
>> 
>> It looks like it's not possible to modify the 'objectClass' attribute of
>> configuration entries.
> 
> Correct. The config DIT has very rigid schema and layout rules.

Indeed.

>> I have some code generating entries for OpenLDAP configuration from a UI utility
>> and updating existing configuration entries in DIT.
>> This code generates entries with the 'objectClass' attribute containing the full
>> object class hierarchy (all the way to 'top') and not only the highest
>> structural object class (which is the case of default OpenLDAP configuration).
>> 
>> When updating the configuration in the DIT, the code then tries to complete the
>> 'objectClass' attribute with the full list of object classes.
>> That operations ends with "error code 53- UnwillingToPerform".
> 
> Don't do that.

Sure, that's why I have a *bad* workaround to not update the 'objectClass' attribute even if the original and my generated one don't match.
Still, looking at LDAP standards, that doesn't seem to be a naughty operation at all and nothing is really wrong with the resulting entry.

Regards,
Pierre-Arnaud

>> Here's an example on the "cn=config" entry:
>> #!RESULT ERROR
>> #!CONNECTION ldap://10.211.55.13:389
>> #!DATE 2013-05-22T14:56:03.039
>> #!ERROR [LDAP: error code 53 - UnwillingToPerform]
>> dn: cn=config
>> changetype: modify
>> replace: objectClass
>> objectClass: olcConfig
>> objectClass: olcGlobal
>> objectClass: top
>> -
>> 
>> 
> 
> 
> -- 
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
Next by Date: Re: (ITS#7581) adding meta backend in cn=config with ldapadd / ldapmodify
Index(es):
- Chronological
- Thread