
Re: structural object class modification from X to Y not allowed

Jon Roberts wrote:

Jehan PROCACCIA wrote:

I'm surprised that I cannot add or replace on an existing object a new objectclass in the same class hierarchy!?
Can I do that without deleting the object and recreating it from scratch :-( ?

AFAIK, no... not since the tighter schema checking that came with 2.1. Back in 2003 I initiated an overlong thread on this list about how OpenLDAP prevented me from extending person entries to use organizationalperson by modifying the objectclass attribute. Since then it's been "delete and readd" as you say.

Do you remember the subject of that thread? I would like to read it in the archive.
The problem here is that the objectclasses person and organizationalPerson are in the same structural chain; furthermore, it is exactly the sample proposed on that subject in the OpenLDAP FAQ, and it is supposed to be possible to have both; from http://www.openldap.org/faq/data/cache/883.html
"Thus, it is OK for an objectClass attribute to contain /inetOrgPerson/, /organizationalPerson/, and /person/ because they inherit one from another to form a single superclass chain. That is, /inetOrgPerson/ SUPs /organizationPerson/ SUPs /person/."
I must admit that I'm lost, did I forget something?

I repost my "bad(?)" experience:
Here's my sample object on which I want to add the objectclass organizationalPerson
dn: sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr
objectClass: person
cn: Communication and Image
sn: CITI

$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D cn=admin,dc=int-evry,dc=fr -W -x
modifying entry "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr"
ldap_modify: Cannot modify object class (69)
additional info: structural object class modification from 'person' to 'organizationalPerson' not allowed

I did test that you can modify the objectclass attribute to add more auxiliary object classes without issue. I was also able to add structural objectclasses to entries on other LDAP implementations (ages ago), but I'd wager that was due more to promiscuity than added intelligence.

Jon Roberts
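
The behaviour discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP's code: an entry's structural class is the most subordinate class of its chain, so adding organizationalPerson moves it from person to organizationalPerson and needs the "delete and readd", while an auxiliary class goes in with a plain modify. The SCHEMA table is a constructed subset of the standard schema, the function names are hypothetical, and pkiUser stands in for any auxiliary class.

```python
# Constructed schema subset: class name -> (kind, superior class).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "pkiUser": ("AUXILIARY", "top"),
}
# The sample entry posted in the thread.
ENTRY_DN = "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr"
ENTRY = {"objectClass": ["person"], "cn": ["Communication and Image"], "sn": ["CITI"]}

def chain(oc):
    """Return oc followed by its superiors, up to top."""
    out = []
    while oc is not None:
        out.append(oc)
        oc = SCHEMA[oc][1]
    return out

def structural_class(object_classes):
    """Most subordinate structural class of an entry (names matched case-sensitively here)."""
    structural = [oc for oc in object_classes if SCHEMA[oc][0] == "STRUCTURAL"]
    if not structural:
        raise ValueError("entry has no structural object class")
    leaf = max(structural, key=lambda oc: len(chain(oc)))
    if not all(oc in chain(leaf) for oc in structural):
        raise ValueError("structural classes do not form a single superclass chain")
    return leaf

def plan_change(dn, attrs, new_oc):
    """LDIF for adding new_oc: a modify if the structural class is unchanged, else delete + add."""
    classes = attrs["objectClass"]
    if structural_class(classes) == structural_class(classes + [new_oc]):
        return f"dn: {dn}\nchangetype: modify\nadd: objectClass\nobjectClass: {new_oc}\n"
    merged = dict(attrs, objectClass=classes + [new_oc])  # copy; attrs is left untouched
    lines = [f"dn: {dn}", "changetype: delete", "", f"dn: {dn}", "changetype: add"]
    lines += [f"{name}: {value}" for name, values in merged.items() for value in values]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(plan_change(ENTRY_DN, ENTRY, "organizationalPerson"))  # delete + add
    print(plan_change(ENTRY_DN, ENTRY, "pkiUser"))               # plain modify
```

The delete and the add are two separate operations, so keep an export of the entry before running them: operational attributes such as entryUUID and createTimestamp are regenerated, and a failed add leaves the entry missing.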