Emmanuel LÃcharny writes:
On 4/12/11 10:08 AM, Hallvard B Furuseth wrote:
Ok, get it. It would be cool (tm) that OpenLDAP accepts direct
modifications of the schema through LDAP requests.
Eh? You can, that's why cn=config exists. Just set up some DN to
have write access to it. Normally a rootdn for database config.
No, you can't if you want to use the syntax for
AttributeType/OvjecClass. You have to use a specific LDIF format, and
this is the key we were discussing with some peeps : how to modify
schema for existing Ldap server in a portable way (more specifically, it
would be useful in Apache Directory Studio).
Well, that's not what you said. Anyway, yes it would be friendly if
OpenLDAP used the same attribute types for reading and writing schema,
without an 'olc' prefix for writing. I presume there's a good reason it
doesn't, and I don't know how hard that would be to change.
But beyond that, server administration is not part of the LDAP standard.
There's no portable way to administer LDAP servers. If Apache Directory
Studio thinks there is, that's a limitation of that application, not of
any server implementation.
Of course, using a LDIF format with olcXXX AT is working, but it's non
standard.
As I said, it would be very cool if OpenLDAP were allowing the schema
modification through direct LDAP modify request on cn=subschema... (of
course, ths has many implication : saving the data into cn=schema, make
the server switch the schema internally without restarting it, etc, etc...)
That happens if you just modify the correct schema entry.
But a modify request against cn=subschema lacks information about how to
administer the schema change - i.e. which cn=schema child to put it in.
Not a piece of cake !