Remove a schema using OpenLDAP dynamic configuration

[Jean-Philippe Braun <eon@patapon.info>]

Hi all,

I'm trying to add/remove schemas dynamically using the cn=config
database (using slapd 2.4.23-7.2 on debian stable). 

I'm connected to slapd with the SASL/External method as root and I'm
able to search but delete breaks:

# ldapdelete -Y EXTERNAL -H ldapi:/// "cn={2}nis,cn=schema,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_delete: Server is unwilling to perform (53)

The ACL seems correct to me:

# ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config"
"olcDatabase={0}config" olcAccess
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0
+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break

So is it possible to remove a schema like this ? I should miss
something...

Thank you