Re: structural object class modification from X to Y not allowed

> At 11:33 PM 2/22/2006, Jehan PROCACCIA wrote:
>>$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D
>> cn=admin,dc=int-evry,dc=fr -W -x
>>modifying entry
>> "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr"
>>ldap_modify: Cannot modify object class (69)
>>      additional info: structural object class modification from 'person'
>> to 'organizationalPerson' not allowed
>
> In the X.500/LDAP model, the structural object class of an object
> is determined at creation (based upon values of objectClass) and
> cannot be changed, period (i.e., regardless of how the present and
> desired structural object classes might be related).
>
> We understand that this is somewhat inflexible and are working
> on an extension which allows this and some other (like
> NO-USER-MODIFICATION) model constraints to be overridden.  This
> extension is known as the ManageDIT control.  It's still in
> development... in fact, there isn't even an Internet-Draft
> describing the extension available yet.
>
> Those interested in making ManageDIT code in HEAD
> suitable for release are welcome to contribute to its
> development.

I was about to reply something like that, as I remember that some
functionality of manageDIT was present, but I found out that there's no
structuralObjectClass change capability yet.  I've already added the
capability to change creatorsName, createTimestamp and entryUUID (which I
needed to implement cross-database rename in a distributed system); in
case I might work at structuralObjectClass (based on spare time
availability, of course).  If anyone is willing to contribute, please
remember that manageDIT modifications require "manage" access privileges.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
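
The rule quoted in this message, as an added example that is not part of the original thread and is not OpenLDAP code: a pre-flight check that derives an entry's structural object class from its objectClass values and reports result code 69 when a modify would change it. The mini-schema, the function names and the sample entries are constructed for illustration, and object class names are assumed to be spelled exactly as in the table.

```python
# Constructed mini-schema: name -> (superior, kind). Not read from a real server.
SCHEMA = {
    "top": (None, "ABSTRACT"),
    "person": ("top", "STRUCTURAL"),
    "organizationalPerson": ("person", "STRUCTURAL"),
    "inetOrgPerson": ("organizationalPerson", "STRUCTURAL"),
    "organizationalUnit": ("top", "STRUCTURAL"),
    "posixAccount": ("top", "AUXILIARY"),
}
OBJECT_CLASS_MODS_PROHIBITED = 69  # result code shown in the ldapmodify error


def superiors(oc):
    """Return the chain of superior classes of oc (oc itself excluded)."""
    chain = []
    sup = SCHEMA[oc][0]
    while sup is not None:
        chain.append(sup)
        sup = SCHEMA[sup][0]
    return chain


def structural_class(object_classes):
    """Most-derived structural class among the objectClass values."""
    structural = [oc for oc in object_classes if SCHEMA[oc][1] == "STRUCTURAL"]
    # Drop every class that is a superior of another listed class.
    leaves = [oc for oc in structural
              if not any(oc in superiors(other) for other in structural)]
    if len(leaves) != 1:
        raise ValueError(f"no single structural chain: {sorted(leaves)}")
    return leaves[0]


def check_modify(current, op, values):
    """Simulate an objectClass modify; return (result_code, message)."""
    if op == "add":
        new = set(current) | set(values)
    elif op == "delete":
        new = set(current) - set(values)
    elif op == "replace":
        new = set(values)
    else:
        raise ValueError(f"unknown modify operation: {op}")
    old_soc, new_soc = structural_class(current), structural_class(new)
    if old_soc != new_soc:
        return (OBJECT_CLASS_MODS_PROHIBITED,
                f"structural object class modification from '{old_soc}' "
                f"to '{new_soc}' not allowed")
    return (0, "ok")
```

In this simplified model, adding an auxiliary class passes because the structural class stays the same; content rules and other schema checks are not modelled.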