[Date Prev][Date Next]
Re: OpenLDAP: Object class modification
--On Tuesday, April 11, 2006 10:47 AM -0700 "Kurt D. Zeilenga"
First, I note that 2.1 is historic. However, 2.3 behaves in the
same manner. See <http://www.openldap.org/faq/index.cgi?file=883>
for a discussion of this error.
I note that, in 2.4, we hope to introduce a control which will allow
administrators (and other authorized users) to request this (and other)
restrictions be temporarily relaxed. In 2.3 (and earlier releases), the
only way to change the structural class of an object is to
re-create the object (e.g., delete the old, add the new).
Another option, if you are going to be doing this for every user, would be
to slapcat the database, sed the file to replace organizationalPerson with
inetorgperson, and then reload the database with slapadd.
Of course, I'd suggest upgrading to 2.3 at the same time if you go that
route, and using slapadd -q which is many times faster than the slapadd in
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html