> Or use 'co' (friendlyCountryName) from cosine.schema instead,
> though a 'c' attribute is required as well for
> friendlyCountry objects.
> Or if renaming the DIT is not feasible in the short run, edit
> core.schema for now and put back the OpenLDAP 2.3 definition
> of 'c', which came from RFC 2256. OpenLDAP 2.4 uses the RFC
> 4519 definition, which matches the X.500 definition. Note
> that editing an existing attribute's schema definition also
> requires a slapcat/slapadd.
> This will not interoperate with other software which expect
> 2-letter 'c' attributes, so you do need to move away from
> your current DIT.
> Maybe attributes exist somewhere for 3-letter and numberic
> 3-digit country codes as well. If not, you could submit an
> internet-draft for such attributes. Or suggest changing 'c'
> to allow both 2- and 3-letter codes, though I doubt that
> would be accepted. The latter would also need to be
> coordinated with an X.500 change.
I've already considered the "co" option, but in fact, there is too much
effort, because in that case also applications (many of them) should be
modified and unfortunatelly the "c" part of the suffix is hardcoded ;( .
Your second suggestion about core schema changes seems to be the easiest
way - there is almost nothing to do.
So, all existing c values stays as they are (2+ letters), on fresh
OpenLDAP 2.4 installations the values of "c" could be limited to 2
letters (although the schema would allow more).
But, changing the core schema doesn's seem to be a good practice? If I
still do that, what kind of unpredictable situations might I be
Thanks for your quick response!