[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to replace account with inetOrgPerson?



Hi,

On Wednesday, 7. September 2011, Mi wrote:
> >> So, how can I add "inetOrgPerson" and remove "account" ?
> > 
> > The only way I know is you export the entry, modify the ldif and
> > reimport.
> 
> I will try that. But I still have the feeling there must be a "better" way
> of doing it, and I just don't know it...

Indeed, there is another way.
This way even allows you to keep both objectclasses at the objects,
and do it all without taking the LDAP server down.

If I remember corrctly, these are the steps:

1) Aquire an OID arc from IANA
    http://pen.iana.org/pen/PenApplication.page

2) Define a schema file [gere in the slapd.conf form] similar to the one below

# symbolic names for sub-arcs of your OID arc
objectIdentifier myOIDroot               1.3.6.1.4.1.YOUR_OID_NO_FROM_IANA
objectIdentifier myOIDldap               myOIDroot:1
objectIdentifier myOIDattributeType  myOIDldap:1
objectIdentifier myOIDobjectClass     myOIDldap:2

# objectclass definition
objectClass ( myOIDobjectClass:1 'myOIDPerson'
        DESC 'Person inheriting from account and inetOrgPerson'
        SUP ( account $ inetOrgPerson ) 
        MUST ( uid $ cn ) )

3) add the missing uid / cn attributes where necessary

4) add the objectclass 'myOIDperson' to all objects you want to have
    both objectclasses.

5) If you want to have both objectclases mentioned explicitly,
      you may add the missing one to the myOIDPerson objects


Best
Peter

-- 
Peter Marschall
peter@adpm.de