
restriction for structural objectclass?


I don't understand the new restrictions (OpenLDAP 2.1.22) for changing
the structural objectclass of an entry.
The approach

1. to make a copy of the entry
2. to delete the entry
3. to change the structural objectclass of the copy
4. to re-add the changed copy of the entry

isn't very useful for the following reasons:

First reason:

Changing the structural objectclass of the root of a DN tree.
You must first export/delete all DNs below the root and the root itself,
make your changes, and re-add all DNs (very exhausting and
unusable for interactive clients such as gq and web interfaces).

Second reason:

If many admins are able to add new users (DNs) to LDAP from different
clients, you need a locking mechanism. With our web interface (developed
for version 2.0.x) we first add a new DN with a generic structural
objectclass and the auxiliary extensibleObject class. At this moment nobody
else from another client can add a new DN with the same denotation (e.g.
username). After the admin has added all new data, the new data is committed
to LDAP, but the generic objectclass is also changed (e.g. into inetPerson).
Since 2.1.x this is apparently no longer possible. The rule to first delete
the entry and then re-add the changed entry completely cancels the locking!!

Any suggestions and comments?

best regards
A. Gabriel

--  Andreas Gabriel
@AG Neurophysik ,Renthof 7, 35032 Marburg TEL/FAX +49 +6421 28-25683/27034
@HRZ, Hans-Meerwein-Str.  , 35032 Marburg TEL/FAX +49 +6421 28-23560/26994
------------------ Philipps-Universitaet Marburg -------------------------
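
The reservation race described under the second reason, as an added example that is not part of the original post and is not OpenLDAP code: a small in-memory model in which `allow_structural_change=True` stands for the 2.0.x behaviour the post describes and `False` for the 2.1.x restriction. The class names `account` and `inetOrgPerson`, the client names `admin-A` and `admin-B`, and the `owner` field are assumptions chosen for illustration.

```python
# Added illustration: a tiny in-memory model, not OpenLDAP code.
STRUCTURAL = {"account", "inetOrgPerson"}  # assumed structural classes


class LdapError(Exception):
    """Carries an LDAP result code name."""


class Directory:
    def __init__(self, allow_structural_change):
        self.entries = {}  # DN -> {"owner": client, "objectClass": set}
        self.allow_structural_change = allow_structural_change

    def add(self, dn, owner, classes):
        # Add fails if the DN exists; this is what makes the placeholder a lock.
        if dn in self.entries:
            raise LdapError("entryAlreadyExists")
        self.entries[dn] = {"owner": owner, "objectClass": set(classes)}

    def delete(self, dn):
        del self.entries[dn]

    def replace_classes(self, dn, classes):
        old = self.entries[dn]["objectClass"] & STRUCTURAL
        if set(classes) & STRUCTURAL != old and not self.allow_structural_change:
            raise LdapError("objectClassModsProhibited")
        self.entries[dn]["objectClass"] = set(classes)


def second_add(d, dn, owner):
    """Try to add dn as another client; return the error name or None."""
    try:
        d.add(dn, owner, ["inetOrgPerson"])
    except LdapError as exc:
        return str(exc)
    return None


def modify_in_place(d, dn):
    """Placeholder is added, then its structural class is modified."""
    d.add(dn, "admin-A", ["account", "extensibleObject"])
    blocked = second_add(d, dn, "admin-B")  # B is refused while A works
    d.replace_classes(dn, ["inetOrgPerson"])
    return blocked, d.entries[dn]["owner"]


def delete_and_readd(d, dn):
    """Placeholder is deleted and re-added; B adds the DN in the gap."""
    d.add(dn, "admin-A", ["account", "extensibleObject"])
    d.delete(dn)
    second_add(d, dn, "admin-B")  # succeeds: nothing holds the DN
    return second_add(d, dn, "admin-A"), d.entries[dn]["owner"]
```

In the model, the in-place modify keeps the DN with the client that reserved it, while the delete and re-add sequence leaves a window in which the second client's add succeeds and the original client's re-add is refused.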