[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP: Object class modification

--On Tuesday, April 11, 2006 10:47 AM -0700 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

First, I note that 2.1 is historic.  However, 2.3 behaves in the
same manner.  See <http://www.openldap.org/faq/index.cgi?file=883>
for a discussion of this error.

I note that, in 2.4, we hope to introduce a control which will allow
administrators (and other authorized users) to request this (and other)
restrictions be temporarily relaxed.  In 2.3 (and earlier releases), the
only way to change the structural class of an object is to
re-create the object (e.g., delete the old, add the new).

Another option, if you are going to be doing this for every user, would be to slapcat the database, sed the file to replace organizationalPerson with inetorgperson, and then reload the database with slapadd.

Of course, I'd suggest upgrading to 2.3 at the same time if you go that route, and using slapadd -q which is many times faster than the slapadd in 2.1..


-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html