[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to replace account with inetOrgPerson?

On 09/08/2011 03:08 PM, Peter Marschall wrote:

On Wednesday, 7. September 2011, Quanah Gibson-Mount wrote:
Is it valid to inherit from two different structural objectClasses?  I
don't believe so.

Works for me with OpenLDAP 2.6.25 (and did so since the 2.[23].x days)
See also "pilotOrganization" in cosine.schema.

The only thing I was insecure about in my original mail was the
part about the "everything can be done online".

I faintly remember something about a change that required the structural
object class of an object to be determined at object creation time, and that
it cannot be changed afterwards.
As the memory is very faint, it is absolutely possible that it is unrelated to
OpenLDAP and refers to another LDAP server implementation.

The structural objectClass of an entry cannot be changed. Period. This is LDAP, not related to the implementation. However, OpenLDAP allows to change it provided the user has "manage" privileges, the "relax" control (draft-zeilenga-ldap-relax) is used, and the resulting entry complies with the data model (i.e. any other change required to comply with the new structural objectclass is performed within the same modification).