[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Loading LDAP schema files into cn=config

On 29/06/11 14:42, Howard Chu wrote:

You only need to load those 4 schema files if your sirius-custom.schema
file actually depends on all of them. The ordering prefix only needs to
be {4} if you really need those others to be parsed first. Otherwise the
prefix can be deleted and the config backend will generate it
automatically. This is all in the documentation. You should try reading
it sometime.



You're not paying attention. You skipped step 3 of my reply.

And apparently you need to be flamed too.

Okay - I consider myself flamed on this occasion :) But that still doesn't quite get me there:

echo "include /etc/ldap/schema/sirius-custom.schema" > slapd.conf.tmp
mkdir config && slaptest -f slapd.conf.tmp -F config
slapcat -F config/ -n0 -s cn=schema,cn=config > sirius-custom.ldif

That gives me a sirius-custom.ldif which contains both "dn: cn=schema,cn=config" and "dn: cn={0}sirius-custom,cn=schema,cn=config" which is better - but it's still not something I can directly run through ldapadd:

zeno:/tmp# ldapadd -D 'cn=admin,dc=siriusit,dc=co,dc=uk' -f sirius-custom.ldif -xW
Enter LDAP Password:
adding new entry "cn=schema,cn=config"
ldap_add: Constraint violation (19)
additional info: structuralObjectClass: no user modification allowed

I don't get much further even if I remove cn=schema,cn=config leaving just "dn: cn={0}sirius-custom,cn=schema,cn=config" within the output.

And also the slapcat command above always generates a {0} index for the output, so how can I alter the above command so that it omits the index so that slapd generates it automatically? And what happens if I accidentally add the same schema but with a different index? Does slapd consider them to be two different entries?

Does that sound correct?


As soon as you use the word "hack" you should realize you're doing
something wrong. As soon as you use the words "manually update" you
should realize you're doing something wrong.

I have been honest enough during this thread to admit that I felt I may have missed something obvious. But I have to point out that all of the Google searches I have done on this topic have returned posts similar to the one I pointed you to, which you are saying are wrong.

There is a lot of mis-information out there regarding cn=config but I at least I understand that I need to come to the project itself to get some answers.

I understand your frustration here, but it will also take some effort on behalf of the project to ensure that the documentation can answer questions such as mine - I've been using openldap for 3 years now, and cn=config still takes some getting used to.

Once we have figured out a basic schema workflow, I am happy to submit a documentation patch to help other people such as myself in return for your assistance.



Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs