[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to replace account with inetOrgPerson?

> On Sep 7, 2011, at 3:56 PM, Pierangelo Masarati wrote:
>> On 09/07/2011 02:44 PM, Marco Schirrmeister wrote:
>>> On Sep 7, 2011, at 2:26 PM, Mi wrote:
>>>> I am trying to add the "inetOrgPerson" objectClass, but some users
>>>> already have the "account" objectClass.
>>>> After a long search, I found that you cannot have both. So I am trying
>>>> to remove "account", and add "inetOrgPerson". But I cannot do that
>>>> either. I just get the following error :
>>>>    err=69 text=structural object class modification from 'account' to
>>>> 'inetOrgPerson' not allowed
>>>> If I just try to remove "account", I get
>>>>    entry failed schema check: no structural object class provided
>>>> So, how can I add "inetOrgPerson" and remove "account" ?
>>> The only way I know is you export the entry, modify the ldif and
>>> reimport.
>>> I just did that for all our groups, because we extended the schema and
>>> wanted that our own objectClass has sup of groupOfUniqueNames.
>> Or, to use the "relax" control <draft-zeilenga-ldap-relax>; you need
>> "manage" access to do that (or act as the rootdn).  Please read that
>> document carefully before acting.
> That sounds interesting and I just tried that on my lab env. It was not
> working.
> The error was,
> ldap_modify: Protocol error (2)
> additional info: relax control value not absent

That's a protocol error; the control request was incorrectly formed.  It
works fine here.  In any case, if you can run test037 successfully, it

> The OID for relax that I found and used is
> Is this oid wrong? Or is it not supported in the latest version of
> OpenLDAP?
> If I query my base for the supported controls, I see 9 oids, but none of
> it is related to a relax control.
> I'm running version 2.4.26

It is supported (you would get "Critical extension is unavailable (12)"
otherwise).  Only, it is "hidden", since its specification is still in