[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Updating a private schema (cn=config)?

Andrzej Jan Taramina wrote:
I need to update one of our internal LDAP schemas, but am not sure of the
best process to use. Haven't managed to find
any info on this, especially using the newer cn=config configuration
Using the latest Ubuntu Intrepid OpenLDAP
version (2.4.11)

I've tried deleting the schema, but keep getting a "server won't allow"
error. Deleting all my LDAP entries doesn't help
that. It seems that once you have a schema defined you can't delete it
a GUI tool like Luma nor using LDIF
directives with OpenLDAP running.

Do I just shut down my LDAP server, and delete the entry in the cn=config
directory, then re-install the new schema version?

This was just discussed on -technical as well. You can delete individual schema elements using ldapmodify. You cannot delete entire cn=config entries (using ldapdelete). There are no plans to change this behavior for schema in the future.

What about any entries that depend on the schema? Will they be

The answer is "it depends"...

In general, once you start using a schema, you're stuck with it. (Which is one reason why ldapdelete for schema entries will never be implemented.) You can fine tune individual elements of it (alter definitions, add/remove definitions), but there are issues that are still being worked on.
See ITS#5540 for one of the problems still in progress.

that is, do I need to delete them all and
re-add them? I guess if I knew when a schema is actually used (eg. only at
add/modify times....or are there links to
from the entries that are used at other times?) it would help?
Thanks for the advice...

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/