[Date Prev][Date Next]
Re: How to replace account with inetOrgPerson?
> On Sep 7, 2011, at 3:56 PM, Pierangelo Masarati wrote:
>> On 09/07/2011 02:44 PM, Marco Schirrmeister wrote:
>>> On Sep 7, 2011, at 2:26 PM, Mi wrote:
>>>> I am trying to add the "inetOrgPerson" objectClass, but some users
>>>> already have the "account" objectClass.
>>>> After a long search, I found that you cannot have both. So I am trying
>>>> to remove "account", and add "inetOrgPerson". But I cannot do that
>>>> either. I just get the following error :
>>>> err=69 text=structural object class modification from 'account' to
>>>> 'inetOrgPerson' not allowed
>>>> If I just try to remove "account", I get
>>>> entry failed schema check: no structural object class provided
>>>> So, how can I add "inetOrgPerson" and remove "account" ?
>>> The only way I know is you export the entry, modify the ldif and
>>> I just did that for all our groups, because we extended the schema and
>>> wanted that our own objectClass has sup of groupOfUniqueNames.
>> Or, to use the "relax" control <draft-zeilenga-ldap-relax>; you need
>> "manage" access to do that (or act as the rootdn). Please read that
>> document carefully before acting.
> That sounds interesting and I just tried that on my lab env. It was not
> The error was,
> ldap_modify: Protocol error (2)
> additional info: relax control value not absent
That's a protocol error; the control request was incorrectly formed. It
works fine here. In any case, if you can run test037 successfully, it
> The OID for relax that I found and used is 220.127.116.11.4.1.4203.666.5.12.
> Is this oid wrong? Or is it not supported in the latest version of
> If I query my base for the supported controls, I see 9 oids, but none of
> it is related to a relax control.
> I'm running version 2.4.26
It is supported (you would get "Critical extension is unavailable (12)"
otherwise). Only, it is "hidden", since its specification is still in