[Date Prev][Date Next]
Re: Writing to cn=Subschema
--On Monday, September 12, 2005 1:00 AM +0200 Adam Pordzik
If I've got it right, I can change schema as of OpenLDAP 2.3 directly
by accessing values below cn=Subschema. (E.g. add new objectClasses or
attributeTypes. And maybe also change or delete existing ones?)
I first tried it with an "ordinary" database Manager account like
cn=Manager,o=Example, which resulted in an "invalid per syntax" error.
I then added a "database config" section with "cn=Manager,dc=config."
and tryied to write with this BindDN with same upshot.
ACL slapd.conf equivalent in slapd.d:
access to dn="cn=Subschema"
by dn="cn=Manager,dc=fuckner,dc=net" write
Simple ldif I wanted to write:
$ ldapmodify -x -D "cn=Manager,o=Example" -w secret
objectClasses: ( 22.214.171.124.4.1.21924.99.1 NAME 'fooObjectClass'
DESC 'Boo' SUP top STRUCTURAL MUST ( cn $ objectclass ) )
modifying entry "cn=Subschema"
ldap_modify: Invalid syntax (21)
additional info: objectClasses: value #0 invalid per syntax
I think there is no error in my class definition. So, where did I made
my mistake? But please: Don't tell me that it's not possible (yet). :-)
It's objectClass, not objectClasses, last time I read a schema.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin