[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can I really disable schema-checking?

To: Salim Fadhley <sal@stodge.org>, openldap-software@openldap.org
Subject: Re: How can I *really* disable schema-checking?
From: Bill MacAllister <whm@stanford.edu>
Date: Wed, 21 Jan 2009 10:49:28 -0800
Content-disposition: inline
In-reply-to: <ce6d5c8daefdede12d5f940e992f9b87@imap.gmail.com>
References: <ce6d5c8daefdede12d5f940e992f9b87@imap.gmail.com>

--On Wednesday, January 21, 2009 01:35:25 PM +0000 Salim Fadhley <sal@stodge.org> wrote:


I've recently inherited responsibility for an LDAP server for a large
business critical operation.

Unfortunately the previous developer simply added data with
schema-checking off. They were using a very old version of OpenLDAP
(which I can no longer use) which allowed them to disable all
schema-checking. As a consequence the data is no longer compatible with
the schema - all validation fails.

I want to disable all schema-checking on my new server, so I used the
slapd.conf directive "schemacheck off" - however this seems to be ignored.
I know this because when I attempt to add an un-declared attribute to an
entry in the database, the change is rejected. I understand that the
"schemacheck" config directive has been deprecated in recent versions of
slapd: But is there any other way to achive the same thing?

I've been told that there is a class called "ExtensibleObject" - might
this help? Please bear in mind that my database is big (approx 20Mb) and
changing the data may break compatibility with the application.

All I really want is to re-create the same kind of "anything-goes"
platform that we had with the old 2.2.19 slapd which allowed me to
disable all schema-checking.

Thanks,

Sal

Years ago I wrote a flame to the list about the lost of this feature. No one actually thought that what I was concerned about was important and since then I have come around and joined that crowd. Better to just create a valid schema set that will work for you. It is not all that hard.

I am guessing that the real issue is that you have new attributes that do not appear anywhere in a loaded schema. It is possible that your unique attributes are not all that unique and are in an existing schema that is not being loaded. I would just search the files in the schema directory and see what I could find and load the schemas that will satisfy your requirements.

If the attributes are really new then the slowest part of creating the new schema entries is obtaining and OID arc. You need to go to <http://www.iana.org/cgi-bin/enterprise.pl> and fill out the form. An OID arc is free. And, yes, you can create one out of thin air, but if you do that there are others on this list that will slice up your liver for dinner.

This make seem like a lot of effort, but it is a one time job.

Bill


+--------------------------------------------------------
| Bill MacAllister <whm@stanford.edu>
| Systems Software Programmer, ITS Unix Systems, Stanford University

Follow-Ups:
- Re: How can I *really* disable schema-checking?
  - From: Salim Fadhley <sal@stodge.org>
- Re: How can I *really* disable schema-checking?
  - From: "Sean O'Malley" <omalleys@msu.edu>

References:
- How can I *really* disable schema-checking?
  - From: Salim Fadhley <sal@stodge.org>

Prev by Date: Re: How can I *really* disable schema-checking?
Next by Date: Re: 64bit compile fails on Solaris 10
Index(es):
- Chronological
- Thread

Re: How can I *really* disable schema-checking?

Re: How can I really disable schema-checking?