[Date Prev][Date Next]
Re: structural object class modification from X to Y not allowed
Jon Roberts wrote:
Jehan PROCACCIA wrote:
I'am surprise that I cannot add or replace to an existing object a
new objectclass in the same hierarchie of class !?
Can I do that without deleting the object and recreate it from
scratch :-( ?.
AFAIK, no... not since the tighter schema checking that came with 2.1.
Back in 2003 I initiated an overlong thread on this list about how
OpenLDAP prevented me from extending person entries to use
organizationalperson by modifying the objectclass attribute. Since
then it's been "delete and readd" as you say.
Do you remember the subject of that thread, I would like to read it from
The problem here is that the objeclass person and oranizationalPerson
are in the same structural Chain, futhermore, it is exactly the sample
proposed on that subject in the openldap FAQ and it is supossed to be
possible to have both ; from http://www.openldap.org/faq/data/cache/883.html
"Thus, it is OK for an objectClass attribute to contain /inetOrgPerson/,
/organizationalPerson/, and /person/ because they inherit one from
another to form a single superclass chain. That is, /inetOrgPerson/ SUPs
/organizationPerson/ SUPs /person/."
I must admit that I'am lost, did I forgot something ?
I repost my "bad(?)" experience:
Here's my sample object on which I want to add the objectclass
cn: Communication and Image
$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D
cn=admin,dc=int-evry,dc=fr -W -x
modifying entry "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr"
ldap_modify: Cannot modify object class (69)
additional info: structural object class modification from
'person' to 'organizationalPerson' not allowed
I did test that you can modify the objectclass attribute to add more
auxiliary object classes without issue. I was also able to add
structural objectclasses to entries on other LDAP implementations
(ages ago), but I'd wager that was due more to promiscuity than added