Dear all,

The symptom:
An LDAP user object in the source DIT is built around the Structural
ObjectClass: inetOrgPerson.
When the user leaves the organisation, the deprovisioning process
requires her/his LDAP object to change to a new form which is now built
around a new Structural ObjectClass (account) and keeps a minimal set of
attributes.
However, when LSC tries to convey this transformation to the destination
LDAP, the operation fails with the Error: LDAP: error code 69 -
structural object class modification from 'inetOrgPerson' to 'account'
not allowed. The destination LDAP is an OpenLDAP 2.4.

The cause:
The structural object class of an object is determined at creation
(based upon values of objectClass) and cannot be changed. The only way
to alter the structural object class is to delete and re-create the object.

The (suggested) solution:
At least OpenLDAP supports a control (OID: 1.3.6.1.4.1.4203.666.5.12)
that can be used to relax restrictions like this one. OpenLDAP's
implementation follows a mechanism described by an expired IETF Draft
(The LDAP Relax Rules Control) that can be found here:
https://tools.ietf.org/id/draft-zeilenga-ldap-relax-03.txt.

The question:
Is there a way to handle this situation via LSC, and activate this
control when required, or in any way control the controls used by LSC
operations?

Thank you in advance,
Nikos
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
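
The cause described in the message above, as an added example that is not part of the original post and is not LSC code: a Python planner that works out an entry's structural object class and, when it changes, emits a delete followed by an add instead of a modify that the server would reject with result code 69. The names `SCHEMA`, `structural_class`, `plan_update`, the DN and the sample entries are hypothetical; `SCHEMA` is a constructed subset of the standard schema definitions.

```python
# Added example, not LSC code. SCHEMA is a constructed subset of the standard
# core/cosine/inetorgperson/nis schemas: name -> (kind, superior class).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "account": ("STRUCTURAL", "top"),
    "posixaccount": ("AUXILIARY", "top"),
}
# Constructed sample entries; DN and attribute values are placeholders.
DN = "uid=jdoe,ou=people,dc=example,dc=org"
ACTIVE = {"objectClass": ["top", "person", "organizationalPerson",
                          "inetOrgPerson"],
          "uid": ["jdoe"], "cn": ["J Doe"], "sn": ["Doe"]}
LEFT = {"objectClass": ["top", "account"], "uid": ["jdoe"]}

def superiors(name):
    """Return the chain of superior classes above `name`."""
    chain, sup = [], SCHEMA[name][1]
    while sup is not None:
        chain.append(sup)
        sup = SCHEMA[sup][1]
    return chain

def structural_class(object_classes):
    """Most specific STRUCTURAL class among an entry's objectClass values."""
    names = {oc.lower() for oc in object_classes}  # names are case-insensitive
    unknown = names - set(SCHEMA)
    if unknown:
        raise ValueError(f"not in schema subset: {sorted(unknown)}")
    structural = {n for n in names if SCHEMA[n][0] == "STRUCTURAL"}
    inherited = {s for n in structural for s in superiors(n)}
    leaves = structural - inherited
    if len(leaves) != 1:
        raise ValueError(f"no single structural chain: {sorted(leaves)}")
    return leaves.pop()

def plan_update(dn, current, desired):
    """Choose operations that turn entry `current` into `desired` (attr dicts)."""
    old = structural_class(current["objectClass"])
    new = structural_class(desired["objectClass"])
    if old != new:
        # A modify would be rejected with result code 69, so replace the entry.
        return [("delete", dn), ("add", dn, desired)]
    changes = {a: v for a, v in desired.items() if current.get(a) != v}
    changes.update({a: [] for a in current if a not in desired})  # [] = remove
    return [("modify", dn, changes)] if changes else []
```

The delete-and-add pair is not atomic, and the re-created entry receives new operational attributes such as entryUUID and createTimestamp.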