
Re: Writing to cn=Subschema

--On Monday, September 12, 2005 1:00 AM +0200 Adam Pordzik <adresseverbummelt@gmx.de> wrote:


If I've got it right, I can change schema as of OpenLDAP 2.3 directly
by accessing values below cn=Subschema. (E.g. add new objectClasses or
attributeTypes. And maybe also change or delete existing ones?)

I first tried it with an "ordinary" database Manager account like
cn=Manager,o=Example, which resulted in an "invalid per syntax" error.
I then added a "database config" section with "cn=Manager,dc=config."
and tried to write with this BindDN with the same upshot.

ACL slapd.conf equivalent in slapd.d:

access to dn="cn=Subschema"
        by dn="cn=Manager,dc=fuckner,dc=net" write

Simple ldif I wanted to write:

$ ldapmodify -x -D "cn=Manager,o=Example" -w secret
dn: cn=Subschema
add: objectClasses
objectClasses: ( NAME 'fooObjectClass'
 DESC 'Boo' SUP top STRUCTURAL MUST ( cn $ objectclass ) )

ldapmodify answered:

modifying entry "cn=Subschema"
ldap_modify: Invalid syntax (21)
        additional info: objectClasses: value #0 invalid per syntax

I think there is no error in my class definition. So, where did I make my mistake? But please: Don't tell me that it's not possible (yet). :-)

It's objectClass, not objectClasses, last time I read a schema.


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
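
RFC 4512 (section 4.1.1) defines the value syntax of objectClasses, and its grammar requires a numeric OID directly after the opening parenthesis. The check below is an added example, not part of the original thread; it applies that rule to the value from the post (joined onto one line), and the OID in WITH_OID is a constructed placeholder.

```python
import re

# RFC 4512 section 1.4: numericoid = number 1*( DOT number ), no leading zeros.
NUMERICOID = re.compile(r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+")
# Tokens: quoted strings, parentheses, the "$" list separator, bare words.
TOKEN = re.compile(r"'[^']*'|[()$]|[^\s()$']+")
KINDS = ("ABSTRACT", "STRUCTURAL", "AUXILIARY")

# Value from the post, with the LDIF continuation line joined.
POSTED = ("( NAME 'fooObjectClass' DESC 'Boo' SUP top STRUCTURAL "
          "MUST ( cn $ objectclass ) )")
# Same value with a constructed placeholder OID in front.
WITH_OID = ("( 1.1.2.2.1 NAME 'fooObjectClass' DESC 'Boo' SUP top STRUCTURAL "
            "MUST ( cn $ objectclass ) )")


def check_objectclass(value):
    """Return the problems found in an ObjectClassDescription.

    Covers only the outer parentheses, the leading OID, NAME and the kind
    keyword; it is not a full schema parser.
    """
    tokens = TOKEN.findall(value)
    if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
        return ["description must be wrapped in ( ... )"]
    body = tokens[1:-1]
    problems = []
    if not NUMERICOID.fullmatch(body[0]):
        problems.append("first token %r is not a numeric OID" % body[0])
    if "NAME" in body:
        nxt = body[body.index("NAME") + 1:body.index("NAME") + 2]
        if not nxt or not (nxt[0].startswith("'") or nxt[0] == "("):
            problems.append("NAME must be followed by a quoted descriptor")
    # Quoted strings keep their quotes as tokens, so DESC text is not counted.
    if sum(body.count(kind) for kind in KINDS) > 1:
        problems.append("only one of ABSTRACT / STRUCTURAL / AUXILIARY is allowed")
    return problems


if __name__ == "__main__":
    for label, value in (("posted", POSTED), ("with OID", WITH_OID)):
        print(label, "->", check_objectclass(value) or "no problems found")
```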