> At 11:33 PM 2/22/2006, Jehan PROCACCIA wrote: >>$ ldapmodify -f /tmp/add-dept.ldif -h localhost -D >> cn=admin,dc=int-evry,dc=fr -W -x >>modifying entry >> "sn=CITI,ou=departements,ou=information,dc=int-evry,dc=fr" >>ldap_modify: Cannot modify object class (69) >> additional info: structural object class modification from 'person' >> to 'organizationalPerson' not allowed > > In the X.500/LDAP model, the structural object class of an object > is determined at creation (based upon values of objectClass) and > cannot be changed, period (i.e., regardless of how the present and > desired structural object classes might be related). > > We understand that this is somewhat inflexible and are working > on an extension which allows this and some other (like > NO-USER-MODIFICATION) model constraints to be overridden. This > extension is known as the ManageDIT control. It's still in > development... in fact, there isn't even an Internet-Draft > describing the extension available yet. > > Those interested in making ManageDIT code in HEAD > suitable for release are welcomed to contribute to its > development.
I was about to reply something like that, as I remember that some functionality of manageDIT was present, but I found out that there's no structuralObjectClass change capability yet. I've already added the capability to change creatorsName, createTimestamp and entryUUID (which I needed to implement cross-database rename in a distributed system); in case I might work at structuralObjectClass (based on spare time availability, of course). If anyone is willing to contribute, please remember that manageDIT modifications require "manage" access privileges. p. Ing. Pierangelo Masarati Responsabile Open Solution OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
