Re: structural object class modification from X to Y not allowed

[Francis Swasey <Frank.Swasey@uvm.edu>]

On 2/23/06 12:24 PM, Jehan PROCACCIA wrote:
> but apperently from the last mail of Kurt is seems impossible ! I'am 
> still in doubt though ... as I don't see how I could then slapadd my 
> users entries (ldif) which do contains /inetOrgPerson/, 
> /organizationalPerson/, and /person/ objecclass without error . Why 
> using ldapmodify generate that error then ?

slapadd is a bad example.  Over the years, I've found a lot of things 
that slapadd will quite happily allow that are just plain nasty later on 
(like duplicate values based on the SYNTAX of an attribute).

So, let's back up and point out that ldapadd would allow you to create 
an entry containing

objectClass: person
objectClass: inetOrgPerson

However, given an entry that has just

objectClass: Person

an ldapmodify attempting to add the inetOrgPerson objectclass would 
still complain and fail.

What's the difference?

ldapadd is CREATING the entry and therefore is setting the 
structuralObjectClass attribute to the most subservient objectclass you 
listed in what you added.  ldapmodify is not allowed to change that 
(without using the ManageDIT controls) ever.

Does that help?

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)