On 23 May 2013, at 16:31, Howard Chu <[email protected]> wrote:

> [email protected] wrote:
>> Full_Name: Pierre-Arnaud Marcelot
>> Version: 2.4.35
>> OS: Linux Mint
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (78.226.4.211)
>>
>>
>> Hi,
>>
>> It looks like it's not possible to modify the 'objectClass' attribute of
>> configuration entries.
>
> Correct. The config DIT has very rigid schema and layout rules.

Indeed.

>> I have some code generating entries for OpenLDAP configuration from a UI utility
>> and updating existing configuration entries in DIT.
>> This code generates entries with the 'objectClass' attribute containing the full
>> object class hierarchy (all the way to 'top') and not only the highest
>> structural object class (which is the case of default OpenLDAP
>> configuration).
>>
>> When updating the configuration in the DIT, the code then tries to complete the
>> 'objectClass' attribute with the full list of object classes.
>> That operation ends with "error code 53- UnwillingToPerform".
>
> Don't do that.

Sure, that's why I have a *bad* workaround to not update the 'objectClass' attribute even if the original and my generated one don't match.

Still, looking at LDAP standards, that doesn't seem to be a naughty operation at all and nothing is really wrong with the resulting entry.

Regards,
Pierre-Arnaud

>> Here's an example on the "cn=config" entry:
>> #!RESULT ERROR
>> #!CONNECTION ldap://10.211.55.13:389
>> #!DATE 2013-05-22T14:56:03.039
>> #!ERROR [LDAP: error code 53 - UnwillingToPerform]
>> dn: cn=config
>> changetype: modify
>> replace: objectClass
>> objectClass: olcConfig
>> objectClass: olcGlobal
>> objectClass: top
>> -
>>
>>
>
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
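
Added example (not part of the original message and not OpenLDAP or Apache Directory code): a sketch of a modify generator that diffs a current and a generated entry and leaves 'objectClass' alone for any DN at or under cn=config, so the request never triggers the error 53 shown above. The function names, the naive comma-split DN check, and the sample entries are assumptions made for illustration.

```python
# Added example: build an LDIF modify for a config entry without touching objectClass.
CONFIG_SUFFIX = "cn=config"

def under_config(dn):
    """True if dn is cn=config or below it (naive split: no escaped commas)."""
    norm = ",".join(part.strip().lower() for part in dn.split(","))
    return norm == CONFIG_SUFFIX or norm.endswith("," + CONFIG_SUFFIX)

def build_modify(dn, current, desired):
    """Return (ldif_text, skipped); skipped lists attributes deliberately not sent."""
    cur = {k.lower(): (k, set(v)) for k, v in current.items()}
    des = {k.lower(): (k, set(v)) for k, v in desired.items()}
    ops, skipped = [], []
    for key in sorted(set(cur) | set(des)):
        name = (des.get(key) or cur[key])[0]
        old = cur.get(key, (name, set()))[1]
        new = des.get(key, (name, set()))[1]
        if old == new:
            continue
        # slapd refuses objectClass changes in the config DIT (error 53),
        # so report the mismatch to the caller instead of sending it.
        if key == "objectclass" and under_config(dn):
            skipped.append(name)
            continue
        if not new:
            ops.append(f"delete: {name}\n-")
        else:
            op = "replace" if old else "add"
            values = [f"{name}: {v}" for v in sorted(new)]
            ops.append("\n".join([f"{op}: {name}"] + values + ["-"]))
    if not ops:
        return "", skipped
    return f"dn: {dn}\nchangetype: modify\n" + "\n".join(ops) + "\n", skipped

# Constructed sample: generated entry carries the full class hierarchy.
CURRENT = {"objectClass": ["olcGlobal"], "olcLogLevel": ["none"]}
DESIRED = {"objectClass": ["olcConfig", "olcGlobal", "top"], "olcLogLevel": ["stats"]}

if __name__ == "__main__":
    ldif, skipped = build_modify("cn=config", CURRENT, DESIRED)
    print(ldif, "skipped:", skipped)
```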
