[Date Prev][Date Next] [Chronological] [Thread] [Top]

modrdn: deleteoldrdn question



Background:
	I've been working with OpenLDAP for about two years now and have
our main directory working fine.  We are now expanding to do a regular
feed of LDAP data into Active Directory.  When people change their
affilations with the University, we move their entry into a new branch
of the information tree by using a modrdn operation.  The operation is
one that looks like:

dn: cn=joe,ou=People,dc=example,dc=com
changetype: modrdn
newrdn: cn=joe
deleteoldrdn: 0
newsuperior: ou=Expired,dc=example,dc=com

This works just fine in OpenLDAP.  However, when I perform the same
operation against ActiveDirectory, it yells and screams and refuses to
perform the operation returing a message that deleteoldrdn must be TRUE.
In fact, it does work and works properly if I change the value of
deleteoldrdn to 1 (and it also works in OpenLDAP).

Reading RFC2251, I see that the server may refuse to perform if the
setting of deleteoldrdn would cause an inconsistency in the schema.

Question:
	I'm left wondering, is OpenLDAP bending the rules a little and
ActiveDirectory just very strictly following RFC2251 (since it would
appear that I am violating schema by asking for two identical CN
values)?

Thanks,
-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
        === God bless all inhabitants of your planet ===