pa@marcelot.net wrote:
Full_Name: Pierre-Arnaud Marcelot
Version: 2.4.35
OS: Linux Mint
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.226.4.211)
Hi,
It looks like it's not possible to modify the 'objectClass' attribute of configuration entries.
Correct. The config DIT has very rigid schema and layout rules.
I have some code generating entries for OpenLDAP configuration from a UI utility and updating existing configuration entries in DIT. This code generates entries with the 'objectClass' attribute containing the full object class hierarchy (all the way to 'top') and not only the highest structural object class (which is the case of default OpenLDAP configuration).
When updating the configuration in the DIT, the code then tries to complete the 'objectClass' attribute with the full list of object classes. That operation ends with "error code 53- UnwillingToPerform".
Don't do that.
Here's an example on the "cn=config" entry:

#!RESULT ERROR
#!CONNECTION ldap://10.211.55.13:389
#!DATE 2013-05-22T14:56:03.039
#!ERROR [LDAP: error code 53 - UnwillingToPerform]
dn: cn=config
changetype: modify
replace: objectClass
objectClass: olcConfig
objectClass: olcGlobal
objectClass: top