On Sep 7, 2011, at 3:56 PM, Pierangelo Masarati wrote: > On 09/07/2011 02:44 PM, Marco Schirrmeister wrote: >> >> On Sep 7, 2011, at 2:26 PM, Mi wrote: >> >>> I am trying to add the "inetOrgPerson" objectClass, but some users already >>> have the "account" objectClass. >>> >>> After a long search, I found that you cannot have both. So I am trying to >>> remove "account", and add "inetOrgPerson". But I cannot do that either. I >>> just get the following error : >>> >>> err=69 text=structural object class modification from 'account' to >>> 'inetOrgPerson' not allowed >>> >>> If I just try to remove "account", I get >>> >>> entry failed schema check: no structural object class provided >>> >>> So, how can I add "inetOrgPerson" and remove "account" ? >> >> The only way I know is you export the entry, modify the ldif and reimport. >> I just did that for all our groups, because we extended the schema and >> wanted that our own objectClass has sup of groupOfUniqueNames. > > Or, to use the "relax" control <draft-zeilenga-ldap-relax>; you need "manage" > access to do that (or act as the rootdn). Please read that document > carefully before acting.
That sounds interesting and I just tried that on my lab env. It was not working. The error was, ldap_modify: Protocol error (2) additional info: relax control value not absent The OID for relax that I found and used is 1.3.6.1.4.1.4203.666.5.12. Is this oid wrong? Or is it not supported in the latest version of OpenLDAP? If I query my base for the supported controls, I see 9 oids, but none of it is related to a relax control. I'm running version 2.4.26 -- Marco
