Re: OpenLDAP: Object class modification

[John Quigley <lists-jquigley@jquigley.com>]

Everyone:

Thanks so much for your insightful replies, they're very much
appreciated.  A few follow-up notes and questions, that you may be able
to help me with:

>> First, I note that 2.1 is historic.  However, 2.3 behaves in the
>> same manner.  See <http://www.openldap.org/faq/index.cgi?file=883>
>> for a discussion of this error.

I fat fingered that version number, I'm not running 2.1; rather, our
system is built upon Debian's 'testing' OpenLDAP version 2.2.26-5.  I'd
consider building my own package from OpenLDAP 2.3 sources if you think
there's significant reason to do so (I haven't yet had the time to look
into this myself).

> Another option, if you are going to be doing this for every user,
> would be to slapcat the database, sed the file to replace
> organizationalPerson with inetorgperson, and then reload the
> database with slapadd.

Quanah, thanks for the idea, I've considered this very thing.  My
ldap-foo isn't strong yet, and I'm curious as to password persistence
across database reloads.  If I were to shutdown slapd, dump the db with
slapcat, modify the records (is it feasible to leave 'objectmodel:
organizationalperson' and add 'objectmodel: inetorgperson'? I would
think so), and then reload the modified db, would ldap passwords for
each of the users be preserved?

Another question in the same vein is: when one slapcat's the db, and
reinserts it, is there some kind of manual thing that has to be done to
blow away the previous db?

Thanks so much for the help, everyone.

Regards,
John Quigley
https://chicagolug.org/~jquigley/