
Re: still unclear on error 69



Jon,
     LDAPv3 protocol specifies that an entry can have one, and only one
structural object class. FYI, the "organizationalPerson" objectclass
contains all the same attributes as the "person" objectclass.   Likewise,
once an entry is added, its structural object class cannot be changed
without completely removing, then re-adding the entry.  You may be able to
get around this by turning off schema checking, but I wouldn't recommend
it.  Just remove the entry, then re-add.  I know it can be a chore, but if
need be do a search for the entries you need to change, have the results
saved to an LDIF file, remove the entries from the directory, perform a
find and replace on the LDIF, then slapadd the LDIF file.  Hope this helps.
Jason McGlamary

Associate Application Specialist
Division of Nursing - Nursing Informatics
Co-Chair WHC/NRH/IS Focus Forum
Washington Hospital Center
ph: 202-877-2243
pager: 202-474-8691
email: Jason.McGlamary@Medstar.net


Jon Roberts <jon%mentata.com@internet.mhg.edu>
Sent by: owner-openldap-software%OpenLDAP.org@internet.mhg.edu
08/11/2003 02:20 PM

To: Tony Earnshaw <tonni%billy.demon.nl@internet.mhg.edu>, OpenLDAP-software%OpenLDAP.org@internet.mhg.edu
cc:
Subject: Re: still unclear on error 69




Tony Earnshaw wrote:
> Jon Roberts wrote:
>> If the server were down, the authentication failed, the user didn't
>> have privileges to the data, etc.... there would've been a different
>> error code telling me so. I think the 69 error is telling me something
>> new and more specific, and I'd like to get to the bottom of it.
>
> What it is telling you is, you have to have *all* the objectclasses
> necessary in the hierarchy before it can add what you want. See my last
> answer.

I read your post. Did you read mine?

I'm only using top, person, organizationalperson, and inetorgperson.
What's missing? I understood your point about conflicts in structural
objectclasses, but it doesn't apply.

The 69 error occurs when I attempt a modify operation on the
objectclass attribute to go from a [top, person] entry to a [top,
person, organizationalperson] or [top, person, organizationalperson,
inetorgperson] entry.

> Again the eternal premise: "If it works for 1,000 others, why doesn't
> it work for me?"

The only testimony I've heard for doing such an operation is from
another person who got the exact same error.

http://www.openldap.org/lists/openldap-software/200307/msg00644.html

Try it yourself. Assume an entry:

dn: cn=Mama, ou=People, o=family.org
objectclass: top
objectclass: person
cn: Mama
sn: Jones

Then try to implement the LDIF:

dn: cn=Mama, ou=People, o=family.org
changetype: modify
add: objectclass
objectclass: organizationalperson

And with ldapmodify you will get:

modifying entry "cn=Mama, ou=People, o=family.org"
ldapmodify: update failed: cn=Mama, ou=People, o=family.org
ldap_modify: Cannot modify object class (69)
         additional info: structural object class modification from
'person' to 'organizationalperson' not allowed

Looks like Mama has to stay in the kitchen :(

I tried this on an OpenLDAP 2.1.22 server with a BDB backend I built and
installed this morning. My question (rephrased) still stands: is there
any way to add valid structural objectclasses to an existing entry that
already has a structural objectclass through the protocol?

Jon Roberts
www.mentata.com
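
Added example, not part of either message: the "find and replace on the LDIF" step from Jason's reply at the top, applied to the cn=Mama entry from Jon's post. The function names are hypothetical, the sample export is constructed, and the structuralObjectClass handling assumes the export carries that operational attribute; continuation lines are unfolded first so a folded value is not corrupted by the edit.

```python
import re

# Constructed sample export: the entry from the post plus one that must not change.
SAMPLE_LDIF = """\
dn: cn=Mama, ou=People, o=family.org
objectclass: top
objectclass: person
cn: Mama
sn: Jones
description: a long value that the exporter has folded onto
  a continuation line

dn: ou=People, o=family.org
objectclass: organizationalUnit
ou: People
"""

def parse_ldif(text):
    """Return entries as (attr, raw_value) pairs; "::" and ":<" markers stay in raw_value."""
    unfolded = re.sub(r"\n ", "", text)  # a leading space continues the previous line
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        lines = [l for l in block.splitlines()
                 if l and not l.startswith("#") and not l.lower().startswith("version:")]
        pairs = [(a, v) for a, _, v in (l.partition(":") for l in lines)]
        if pairs:
            entries.append(pairs)
    return entries

def upgrade(entry, old, new):
    """Add `new` classes when `old` is the entry's only class besides top."""
    classes = {v.strip().lower() for a, v in entry if a.lower() == "objectclass"}
    if classes - {"top"} != {old.lower()}:
        return entry, False
    out = []
    for attr, value in entry:
        if attr.lower() == "structuralobjectclass":
            value = " " + new[-1]  # assumption: export carries this operational attribute
        out.append((attr, value))
        if attr.lower() == "objectclass" and value.strip().lower() == old.lower():
            out.extend(("objectClass", " " + c) for c in new)  # list most specific class last
    return out, True

def rewrite(text, old="person", new=("organizationalPerson",)):
    """Return (rewritten LDIF, DNs changed: remove these entries before re-adding)."""
    results = [upgrade(e, old, new) for e in parse_ldif(text)]
    changed = [e[0][1].strip() for e, hit in results if hit]
    body = "\n\n".join("\n".join(a + ":" + v for a, v in e) for e, _ in results)
    return body + "\n", changed
```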