[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP: Object class modification

At 10:47 AM 4/11/2006, Kurt D. Zeilenga wrote:
>First, I note that 2.1 is historic.  However, 2.3 behaves in the
>same manner.  See <http://www.openldap.org/faq/index.cgi?file=883>
>for a discussion of this error.

Actually, this answer is too a related question.  I've added
which specifically addresses this common error.

>I note that, in 2.4, we hope to introduce a control which will allow administrators (and other authorized users) to request this (and other)
>restrictions be temporarily relaxed.  In 2.3 (and earlier releases),
>the only way to change the structural class of an object is to
>re-create the object (e.g., delete the old, add the new).
>At 04:37 PM 4/10/2006, John Quigley wrote:
>>Hey Folks!
>>Here's my scenario: I've got several hundred user accounts, stored as
>>OpenLDAP records.  Here's an example:
>># test user
>>dn: cn=tuser,ou=employee,ou=csinternal,dc=hostname,dc=com
>>cn: tuser
>>sn: test user
>>objectclass: person
>>objectclass: organizationalperson
>>objectclass: posixaccount
>>uid: tuser
>>uidnumber: 1034
>>gidnumber: 1034
>>homedirectory: /home/tuser
>>Now, I'm looking to add a 'mail' field, for which I require the
>>objectclass inetOrgPerson.  I've been trying to ldapmodify all the
>>users, as such:
>>dn: cn=tuser,ou=employee,ou=CSinternal,dc=hostname,dc=com
>>changetype: modify
>>replace: objectclass
>>objectclass: top
>>objectclass: person
>>objectclass: inetorgperson
>>objectclass: organizationalperson
>>objectClass: posixAccount
>>Which generates the following error:
>>ldap_modify: Cannot modify object class (69)
>>        additional info: structural object class modification from
>>'organizationalPerson' to 'inetOrgPerson' not allowed
>>I understand that it is forbidden in OpenLDAP 2.1 to change the
>>objectclass of an entry by adding a new structural class through a modify.
>>So, my question to you is: can somebody step me through the process by
>>which I could add this objectclass?  Is this even possible?  Thanks so
>>much for your time and consideration, it's tremendously appreciated.
>>John Quigley