Re: How to replace account with inetOrgPerson?

On 09/07/2011 02:44 PM, Marco Schirrmeister wrote:

On Sep 7, 2011, at 2:26 PM, Mi wrote:

I am trying to add the "inetOrgPerson" objectClass, but some users already have the "account" objectClass.

After a long search, I found that you cannot have both. So I am trying to remove "account", and add "inetOrgPerson". But I cannot do that either. I just get the following error :

    err=69 text=structural object class modification from 'account' to 'inetOrgPerson' not allowed

If I just try to remove "account", I get

    entry failed schema check: no structural object class provided

So, how can I add "inetOrgPerson" and remove "account" ?

The only way I know is you export the entry, modify the ldif and reimport.
I just did that for all our groups, because we extended the schema and wanted that our own objectClass has sup of groupOfUniqueNames.

Or, to use the "relax" control <draft-zeilenga-ldap-relax>; you need "manage" access to do that (or act as the rootdn). Please read that document carefully before acting.