[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: still unclear on error 69



First, I apologize *profusely* for the off-list post that reached everyone. My mistake: there was an accidental bcc.

Tony Earnshaw wrote:
Smits.Dolf wrote:
You can always add any kind of auxiliary objectClass, adding inetorgperson
will work.
Even better: inetOrgPerson is structural, and it will *still* work. Why? Because its superior is organizationalPerson - whose superior again is person whose superior again is top. *ALL ARE STRUCTURAL*. This is known as *HIERARCHY*.

Correction: inetOrgPerson is structural, and it still won't work:

Have:
dn: cn=Mama, ou=People, o=family.org
objectclass: top
objectclass: person
objectclass: organizationalperson
cn: Mama
sn: Jones

Try:
dn: cn=Mama, ou=People, o=family.org
changetype: modify
add: objectclass
objectclass: inetorgperson

Get:
ldapmodify: update failed: cn=Mama, ou=People, o=family.org
ldap_modify: Cannot modify object class (69)
additional info: structural object class modification from 'organizationalperson' to 'inetorgperson' not allowed


The bottom line: the 69 error has nothing to do with the hierarchy. Even though he was wrong about inetorgperson not being structural, I believe Dolf Smits is correct in stating that while you can modify the objectclass attribute of an entry (I can do it all day with auxiliary classes), it is forbidden in OpenLDAP 2.1 to change the objectclass of an entry by adding a new structural class through a modify.

While it would be valid and nice if it were possible to extend a person to an organizationalperson or inetorgperson through the protocol, I fully accept that there may be some formidable hoops at the db/code level that would make this an unwieldy requirement. I didn't ask about it because I needed to fix some data; the export, modify LDIF, import method is always an option. Rather, I asked because when my extend servlet fails with this error code I'd like to be able to give a reasonable explanation as to what it means. Thanks to Dolf, even though I'd already done enough research to make the same conclusion myself by the time he posted.

Hopefully this can close this overlong thread. Again, I apologize for the off-list post.

Humbly,

Jon Roberts
www.mentata.com