[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: structural object class modification from X to Y not allowed

On 2/23/06 12:24 PM, Jehan PROCACCIA wrote:
but apperently from the last mail of Kurt is seems impossible ! I'am still in doubt though ... as I don't see how I could then slapadd my users entries (ldif) which do contains /inetOrgPerson/, /organizationalPerson/, and /person/ objecclass without error . Why using ldapmodify generate that error then ?

slapadd is a bad example. Over the years, I've found a lot of things that slapadd will quite happily allow that are just plain nasty later on (like duplicate values based on the SYNTAX of an attribute).

So, let's back up and point out that ldapadd would allow you to create an entry containing

objectClass: person
objectClass: inetOrgPerson

However, given an entry that has just

objectClass: Person

an ldapmodify attempting to add the inetOrgPerson objectclass would still complain and fail.

What's the difference?

ldapadd is CREATING the entry and therefore is setting the structuralObjectClass attribute to the most subservient objectclass you listed in what you added. ldapmodify is not allowed to change that (without using the ManageDIT controls) ever.

Does that help?

Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)