[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: objectclass question

To: openldap-software@OpenLDAP.org
Subject: Re: objectclass question
From: Andreas Gabriel <gabriel@hrz.uni-marburg.de>
Date: Fri, 03 Oct 2003 18:28:56 +0200
In-reply-to: <200310031403.14015.peter@adpm.de>
Organization: Philipps-Universitaet Marburg
References: <3F7D4C08.7070908@wolfhill.cz> <200310031403.14015.peter@adpm.de>
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624

Hello Peter,

I have similar problems with porting LDAP databases from 2.0.x
to 2.1.x. Since the schema check is realy armed in version 2.1.x,
adding/porting of entries can only be solved by trial
and error. It is quite difficult to find any documentation about these "new"
restrictions.

Do you know about a RFC or documentation paper?

Regards
A. Gabriel

Peter Marschall wrote:

Hi,
On Friday 03 October 2003 12:14, Michal Gubik wrote:
My question is regarding object class. I have made already several users
on ldap but I need to add host atribute that is in account objectclass
but when I tri to add account objectclass to that user I get error
saying ldap_modify: Cannot modify object class (69)
       additional info: Structural object class modification from
'InetOrgPerson' to 'account' not allowed
my ldif looks like this:
dn: uid=mgubik, ou=people, o=coprosys,dc=cd
changetype: add
objectclass: account
add: host
host: hostname
and I try to add it by ldapmodify. Thanks for any help.
It is a restriction of OpenLDAP starting from 2.1.x to not allow to change the STRUCTURAL objectclass of an entry. IIRC the reasons for this restriction were that the LDAP data model requires it.

To change the STRUCTURAL objectclasses of an object you need to delete and re-add it to the directory. Please consider the fact that OpenLDAP enforces the "one objectclass chain" rule. You may need to create a private objectclass that has the account objectclass and your user's objectclass as SUPerior objectclasses.

IMHO forbidding the change of the strcutural objectclass completetly is too rigid. I can understand that it is a bad idea to delete a STRUCTURAL objectclass, but I cannoit see why adding an objectclass that has the current structural objectclass as SUPerior might hurt anything.
Peter

--
--  Andreas Gabriel
@AG Neurophysik ,Renthof 7, 35032 Marburg TEL/FAX +49 +6421 28-25683/27034
@HRZ, Hans-Meerwein-Str.  , 35032 Marburg TEL/FAX +49 +6421 28-23560/26994
------------------ Philipps-Universitaet Marburg -------------------------

Follow-Ups:
- Re: objectclass question
  - From: Peter Marschall <peter@adpm.de>

References:
- objectclass question
  - From: Michal Gubik <mgubik@wolfhill.cz>
- Re: objectclass question
  - From: Peter Marschall <peter@adpm.de>

Prev by Date: RE: OpenLDAP Automounter + Linux + Solaris 9
Next by Date: Re: objectclass question
Index(es):
- Chronological
- Thread