[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: structural object class modification from X to Y not allowed

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: structural object class modification from X to Y not allowed
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Thu, 23 Feb 2006 18:36:32 +0100 (CET)
Cc: "Jehan PROCACCIA" <jehan.procaccia@int-evry.fr>, man@mentata.com, openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <7.0.1.0.0.20060223082128.03d36160@OpenLDAP.org>
References: <43FB46A0.5030409@int-evry.fr> <43FB9D59.8050408@jonanddeb.net> <43FD6566.4010308@int-evry.fr> <7.0.1.0.0.20060223082128.03d36160@OpenLDAP.org>
User-agent: SquirrelMail/1.4.3a-1

> At 11:33 PM 2/22/2006, Jehan PROCACCIA wrote:
>>$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D
>> cn=admin,dc=int-evry,dc=fr -W -x
>>modifying entry
>> "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr"
>>ldap_modify: Cannot modify object class (69)
>>      additional info: structural object class modification from 'person'
>> to 'organizationalPerson' not allowed
>
> In the X.500/LDAP model, the structural object class of an object
> is determined at creation (based upon values of objectClass) and
> cannot be changed, period (i.e., regardless of how the present and
> desired structural object classes might be related).
>
> We understand that this is somewhat inflexible and are working
> on an extension which allows this and some other (like
> NO-USER-MODIFICATION) model constraints to be overridden.  This
> extension is known as the ManageDIT control.  It's still in
> development... in fact, there isn't even an Internet-Draft
> describing the extension available yet.
>
> Those interested in making ManageDIT code in HEAD
> suitable for release are welcomed to contribute to its
> development.

I was about to reply something like that, as I remember that some
functionality of manageDIT was present, but I found out that there's no
structuralObjectClass change capability yet.  I've already added the
capability to change creatorsName, createTimestamp and entryUUID (which I
needed to implement cross-database rename in a distributed system); in
case I might work at structuralObjectClass (based on spare time
availability, of course).  If anyone is willing to contribute, please
remember that manageDIT modifications require "manage" access privileges.

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

Follow-Ups:
- Re: structural object class modification from X to Y not allowed
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- structural object class modification from X to Y not allowed
  - From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>
- Re: structural object class modification from X to Y not allowed
  - From: Jon Roberts <jon@jonanddeb.net>
- Re: structural object class modification from X to Y not allowed
  - From: Jehan PROCACCIA <Jehan.Procaccia@int-evry.fr>
- Re: structural object class modification from X to Y not allowed
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: OpenLDAP with MySQL backend
Next by Date: Re: structural object class modification from X to Y not allowed
Index(es):
- Chronological
- Thread