> > On Sep 7, 2011, at 3:56 PM, Pierangelo Masarati wrote: > >> On 09/07/2011 02:44 PM, Marco Schirrmeister wrote: >>> >>> On Sep 7, 2011, at 2:26 PM, Mi wrote: >>> >>>> I am trying to add the "inetOrgPerson" objectClass, but some users >>>> already have the "account" objectClass. >>>> >>>> After a long search, I found that you cannot have both. So I am trying >>>> to remove "account", and add "inetOrgPerson". But I cannot do that >>>> either. I just get the following error : >>>> >>>> err=69 text=structural object class modification from 'account' to >>>> 'inetOrgPerson' not allowed >>>> >>>> If I just try to remove "account", I get >>>> >>>> entry failed schema check: no structural object class provided >>>> >>>> So, how can I add "inetOrgPerson" and remove "account" ? >>> >>> The only way I know is you export the entry, modify the ldif and >>> reimport. >>> I just did that for all our groups, because we extended the schema and >>> wanted that our own objectClass has sup of groupOfUniqueNames. >> >> Or, to use the "relax" control <draft-zeilenga-ldap-relax>; you need >> "manage" access to do that (or act as the rootdn). Please read that >> document carefully before acting. > > That sounds interesting and I just tried that on my lab env. It was not > working. > The error was, > ldap_modify: Protocol error (2) > additional info: relax control value not absent
That's a protocol error; the control request was incorrectly formed. It works fine here. In any case, if you can run test037 successfully, it works. > The OID for relax that I found and used is 1.3.6.1.4.1.4203.666.5.12. > Is this oid wrong? Or is it not supported in the latest version of > OpenLDAP? > > If I query my base for the supported controls, I see 9 oids, but none of > it is related to a relax control. > I'm running version 2.4.26 It is supported (you would get "Critical extension is unavailable (12)" otherwise). Only, it is "hidden", since its specification is still in draft. p.
