At 11:33 PM 2/22/2006, Jehan PROCACCIA wrote: >$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D cn=admin,dc=int-evry,dc=fr >-W -x >modifying entry "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr" >ldap_modify: Cannot modify object class (69) > additional info: structural object class modification from 'person' to > 'organizationalPerson' not allowed
In the X.500/LDAP model, the structural object class of an object is determined at creation (based upon values of objectClass) and cannot be changed, period (i.e., regardless of how the present and desired structural object classes might be related). We understand that this is somewhat inflexible and are working on an extension which allows this and some other (like NO-USER-MODIFICATION) model constraints to be overridden. This extension is known as the ManageDIT control. It's still in development... in fact, there isn't even an Internet-Draft describing the extension available yet. Those interested in making ManageDIT code in HEAD suitable for release are welcomed to contribute to its development. -- Kurt
