[email protected] wrote: > Full_Name: Pierre-Arnaud Marcelot > Version: 2.4.35 > OS: Linux Mint > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (78.226.4.211) > > > Hi, > > It looks like it's not possible to modify the 'objectClass' attribute of > configuration entries.
Correct. The config DIT has very rigid schema and layout rules. > I have some code generating entries for OpenLDAP configuration from a UI > utility > and updating existing configuration entries in DIT. > This code generates entries with the 'objectClass' attribute containing the > full > object class hierarchy (all the way to 'top') and not only the highest > structural object class (which is the case of default OpenLDAP configuration). > > When updating the configuration in the DIT, the code then tries to complete > the > 'objectClass' attribute with the full list of object classes. > That operations ends with "error code 53- UnwillingToPerform". Don't do that. > Here's an example on the "cn=config" entry: > #!RESULT ERROR > #!CONNECTION ldap://10.211.55.13:389 > #!DATE 2013-05-22T14:56:03.039 > #!ERROR [LDAP: error code 53 - UnwillingToPerform] > dn: cn=config > changetype: modify > replace: objectClass > objectClass: olcConfig > objectClass: olcGlobal > objectClass: top > - > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
