
finally clear on error 69



This is off-list, but I wanted to get back to you. Actually, I'm not receiving openldap-software mailing list messages anymore and you may have noticed my last few posts didn't make the list either. It may be because of a routing failure my provider blessed me with last week which caused a lot of my mail to bounce back to senders. I just hope it's not because I'm no longer welcome; I haven't been able to re-subscribe.

Back to the question: is there any way to add valid structural objectclasses to an existing entry that already has a structural objectclass through the protocol? Regardless of how I got it, I now feel like I have an answer I can rest with: "No".

Tony Earnshaw wrote:
O.k. ldapmodify is telling you that you cannot change a person to an organizationalPerson. But you can add an organizationalPerson to a person. Those are the rules. I didn't make them up, but OpenLDAP 2.1 is pretty strict about them. 2.0 wasn't.

Actually, from what I read in the RFCs, this is left to the implementation, so it isn't a hard/fast rule per LDAP. There really is no reason such an operation can't be accomplished through the protocol, but I'm sure there's a very good software reason why it's not allowed in OpenLDAP.


Try *adding* the following 'ldapadd' ldif entry:
...
Don't say it doesn't work, I just did it for you.
"Oh, but that's not what I want." says Jon. "I want to modify." Nevertheless, that's what you are going to have to work around.

If it were a matter of getting the data straight, I wouldn't hesitate to LDIF in and out. The problem for me is that I have a function in my software offering (my extend servlet) that now has a new limitation. At least now I know it doesn't apply to all objectclasses and can give an appropriate error message if somebody tries to extend with structural ones.


Remember the hierarchy I described? Your Internet site is all about hierarchy, so you should be able to understand.

Actually, my site is more about the oligarchy ;)

What you can do, is on your old 2.0.x machine
...

That machine has long been rebuilt. I haven't seen 2.0 for many months now, and shall not again.

You can do vi's ':g/whatihad/s//whatiwant/gc' can't you? If not, now's a good time to learn :) Don't forget what ^ and $ mean in vi.

Are you kidding me? vim is my IDE!

I just had to do it for a high school in Amsterdam - all the students, all the lecturers, all the machines etc. etc. Took me a morning to do.

I'm sorry for your drudgery, but I'm glad to hear OpenLDAP makes the educational market in Europe. I actually plan to transition to teaching high school in a few years (and maybe even emigrate to Europe myself someday); all this LDAP knowledge is absolutely coming with me.


If you're using a gtk Unix/Linux, consider compiling and installing GQ 0.7.0b2. It'll teach you a lot. That's how I learned.

You talk about this tool so much, if I didn't know better I'd think they were passing you some sort of kickback :)


As I said repeatedly, the schema constraints weren't the mystery for me, it was the particular error response. I understand now how the issue relates to structural objectclasses, but hopefully you understand now that the oc hierarchy and required attributes are irrelevant. You can't add a structural objectclass to an entry through a modify in OpenLDAP 2.1, period.

Thanks for the attention though. It makes me happy to know that there is another joker in the deck, and I can report I've learned things from several of your other posts. Even if it isn't mutual, you have my respect.

Best,

Jon

<aside>
You know it's a small, surreal world when a country band from the Netherlands name themselves after my grandfather's warplane:


http://www.thespokanechiefs.com/
</aside>
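
A pre-flight check of the kind the message describes for the extend function, as an added example that is not part of the original message and not the author's servlet code: it reads objectClass descriptions in RFC 4512 syntax and refuses anything that is not AUXILIARY before a modify is sent. The schema lines, the `exampleThing` class and the `parse_kinds` / `check_extend` names are constructed for illustration.

```python
import re

# Constructed sample: objectClass descriptions in RFC 4512 syntax, as found
# in a server's subschema objectClasses attribute. 'exampleThing' is made up.
SAMPLE_SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' DESC 'not an AUXILIARY class' SUP top STRUCTURAL MUST ( sn $ cn ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )",
    "( 1.1.2.2.1 NAME ( 'exampleThing' 'exThing' ) SUP top MUST cn )",
]

NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")
KIND_RE = re.compile(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b")

def parse_kinds(definitions):
    """Map every lower-cased class name (aliases included) to its kind."""
    kinds = {}
    for definition in definitions:
        m = NAME_RE.search(definition)
        if not m:
            continue  # no NAME: nothing a caller could ask for by name
        names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
        # Drop quoted strings so a keyword inside DESC text is not mistaken for the kind.
        bare = re.sub(r"'[^']*'", "", definition)
        k = KIND_RE.search(bare)
        kind = k.group(1) if k else "STRUCTURAL"  # RFC 4512: kind defaults to STRUCTURAL
        for name in names:
            kinds[name.lower()] = kind
    return kinds

def check_extend(requested, kinds):
    """Return (classes safe to add by modify, {refused class: reason})."""
    safe, refused = [], {}
    for oc in requested:
        kind = kinds.get(oc.lower(), "UNKNOWN")
        if kind == "AUXILIARY":
            safe.append(oc)
        else:
            refused[oc] = kind  # STRUCTURAL here is the case the server answers with error 69
    return safe, refused

if __name__ == "__main__":
    safe, refused = check_extend(["dcObject", "organizationalPerson", "noSuchClass"],
                                 parse_kinds(SAMPLE_SCHEMA))
    print("add via modify:", safe)
    for oc, why in refused.items():
        print(f"refused {oc}: {why}")
```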