[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: still unclear on error 69

To: Tony Earnshaw <tonni@billy.demon.nl>
Subject: Re: still unclear on error 69
From: Jon Roberts <jon@mentata.com>
Date: Wed, 13 Aug 2003 10:13:57 -0500
Cc: "Smits.Dolf" <dolf.smits@siemens.com>, OpenLDAP-software@OpenLDAP.org
In-reply-to: <3F3A3C9C.2050104@billy.demon.nl>
References: <2FAEA868F23AD411AFD10000D11ED33E08F5246F@hagb037a.siemens.nl> <3F3A3C9C.2050104@billy.demon.nl>
User-agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.3.1) Gecko/20030425

First, I apologize *profusely* for the off-list post that reached everyone. My mistake: there was an accidental bcc.

Tony Earnshaw wrote:

Smits.Dolf wrote:
You can always add any kind of auxiliary objectClass, adding inetorgperson will work.
Even better: inetOrgPerson is structural, and it will *still* work. Why? Because its superior is organizationalPerson - whose superior again is person whose superior again is top. *ALL ARE STRUCTURAL*. This is known as *HIERARCHY*.


Correction: inetOrgPerson is structural, and it still won't work:

Have:
dn: cn=Mama, ou=People, o=family.org
objectclass: top
objectclass: person
objectclass: organizationalperson
cn: Mama
sn: Jones

Try:
dn: cn=Mama, ou=People, o=family.org
changetype: modify
add: objectclass
objectclass: inetorgperson

Get: ldapmodify: update failed: cn=Mama, ou=People, o=family.org ldap_modify: Cannot modify object class (69) additional info: structural object class modification from 'organizationalperson' to 'inetorgperson' not allowed

The bottom line: the 69 error has nothing to do with the hierarchy. Even though he was wrong about inetorgperson not being structural, I believe Dolf Smits is correct in stating that while you can modify the objectclass attribute of an entry (I can do it all day with auxiliary classes), it is forbidden in OpenLDAP 2.1 to change the objectclass of an entry by adding a new structural class through a modify.

While it would be valid and nice if it were possible to extend a person to an organizationalperson or inetorgperson through the protocol, I fully accept that there may be some formidable hoops at the db/code level that would make this an unwieldy requirement. I didn't ask about it because I needed to fix some data; the export, modify LDIF, import method is always an option. Rather, I asked because when my extend servlet fails with this error code I'd like to be able to give a reasonable explanation as to what it means. Thanks to Dolf, even though I'd already done enough research to make the same conclusion myself by the time he posted.

Hopefully this can close this overlong thread. Again, I apologize for the off-list post.

Humbly,

Jon Roberts
www.mentata.com

References:
- RE: still unclear on error 69
  - From: "Smits.Dolf" <dolf.smits@siemens.com>
- Re: still unclear on error 69
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: TLS with MacOS 10.2 OpenLDAP server
Next by Date: Berkley DB Vs ... ? (was Re: Compilation Errors)
Index(es):
- Chronological
- Thread