alois blasbichler wrote:
Hello list
We use openldap 2.3.39. I want to add with a perl-script to all my users this attributes : objectClass: orcluser orclpassword: xxxxxxxxx
I dont now how do that with a script. Actually my users haves this objectClasses : objectClass: top objectClass: hordePerson objectClass: shadowAccount objectClass: posixAccount objectClass: person objectClass: inetOrgPerson objectClass: SuSEeMailObject objectClass: sambaSamAccount
I defined an : objectclass ( 1.1.2.881.881.555.666 NAME 'inetorcluser' DESC 'inetorcluser' SUP ( inetOrgPerson $ orcluser ) STRUCTURAL )
And so when i with an ldap-browser export an user, then after deleting this user i add in the ldif-datei the followings attributes: objectClass: inetorcluser objectClass: orcluser orclpassword: xxxxxxxxx then i can import this user fine.
That for one user is ok but for a lot of users how can i do that - i tried with perl - but without success.
You can't change the structural objectClass of an entry: that would be a violation of the LDAP data model.
With OpenLDAP's slapd you can do this only by means of the "relax" control, which relaxes consistency checks __during__ an operation, only requiring them to be in force at the end of the operation (namely, with that control in place you can change the structural objectClass of an entry, but the resulting entry must comply with the LDAP specifications).
In OpenLDAP 2.3, the "relax" control is called "manageDIT" (not to be confused with "manageDSAit"), and its OID is 1.3.6.1.4.1.4203.666.5.12 (it's experimental).
All you need to do consists in adding that control to the LDAP modify request.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------