Re: OpenLDAP: Object class modification

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

First, I note that 2.1 is historic.  However, 2.3 behaves in the
same manner.  See <http://www.openldap.org/faq/index.cgi?file=883>
for a discussion of this error.

I note that, in 2.4, we hope to introduce a control which will allow administrators (and other authorized users) to request this (and other)
restrictions be temporarily relaxed.  In 2.3 (and earlier releases),
the only way to change the structural class of an object is to
re-create the object (e.g., delete the old, add the new).

Kurt

At 04:37 PM 4/10/2006, John Quigley wrote:
>Hey Folks!
>
>Here's my scenario: I've got several hundred user accounts, stored as
>OpenLDAP records.  Here's an example:
>
># test user
>dn: cn=tuser,ou=employee,ou=csinternal,dc=hostname,dc=com
>cn: tuser
>sn: test user
>objectclass: person
>objectclass: organizationalperson
>objectclass: posixaccount
>uid: tuser
>uidnumber: 1034
>gidnumber: 1034
>homedirectory: /home/tuser
>
>Now, I'm looking to add a 'mail' field, for which I require the
>objectclass inetOrgPerson.  I've been trying to ldapmodify all the
>users, as such:
>
>dn: cn=tuser,ou=employee,ou=CSinternal,dc=hostname,dc=com
>changetype: modify
>replace: objectclass
>objectclass: top
>objectclass: person
>objectclass: inetorgperson
>objectclass: organizationalperson
>objectClass: posixAccount
>
>Which generates the following error:
>
>ldap_modify: Cannot modify object class (69)
>        additional info: structural object class modification from
>'organizationalPerson' to 'inetOrgPerson' not allowed
>
>I understand that it is forbidden in OpenLDAP 2.1 to change the
>objectclass of an entry by adding a new structural class through a modify.
>
>So, my question to you is: can somebody step me through the process by
>which I could add this objectclass?  Is this even possible?  Thanks so
>much for your time and consideration, it's tremendously appreciated.
>
>Regards,
>John Quigley
>https://chicagolug.org/~jquigley/