
Re: Loading LDAP schema files into cn=config



On Wednesday, 29 June 2011 16:15:54 Daniel Qian wrote:
> On 11-06-29 9:26 AM, Mark Cave-Ayland wrote:
> > On 29/06/11 12:59, Howard Chu wrote:
> >>> Thanks for the response - this makes a bit more sense now. Just to
> >>> clarify another point: when you generate schemaConvert.conf, I guess
> >>> that you need to include *all* schemas in your current cn=config
> >>> matching the existing order, as well as the new one you are trying to
> >>> add?
> >> 
> >> Obviously the config file has to be valid; any schema that the ones
> >> you're converting depend on must be loaded.
> > 
> > I understand that part; however when installing the packages for
> > Debian Squeeze the post-installation process preloads the following
> > schemas into cn=schema,cn=config:
> > 
> > {0}core
> > {1}cosine
> > {2}nis
> > {3}inetorgperson
> > 
> > So what I wanted to verify was that if I want to add a new
> > sirius-custom.schema file into the directory I would need to set up
> > schemaConvert.conf to look like this:
> > 
> > include /etc/openldap/schema/core.schema
> > include /etc/openldap/schema/cosine.schema
> > include /etc/openldap/schema/nis.schema
> > include /etc/openldap/schema/inetorgperson.schema
> > include /etc/openldap/schema/sirius-custom.schema
> > 
> > The previous entries are required to ensure that the
> > sirius-custom.schema LDIF would be generated as {4}sirius-custom ready
> > for using ldapadd to load into the directory.
> > 
> > However when I then run:
> > 
> > mkdir config && slaptest -f slapd.conf.tmp -F config
> > 
> > Then I get my {4}sirius-custom.ldif but the top lines look like this:
> > 
> > dn: cn={4}sirius-custom
> > ...
> > cn: {4}sirius-custom
> > 
> > ...which then means I still can't add it directly using ldapadd
> > without further processing.
> 
> Not sure if it is the same on Debian but on Fedora I only copied the
> "workplace" output schema file (autofs.schema in my case) to
> /etc/openldap/slapd.d/cn=config/cn=schema/ without modifying anything. I
> restarted slapd after that and everything worked for me. Surprisingly
> easy although I had to do a restart.

But, this isn't how it is intended to be used, and gets you into bad habits. 
You should treat the config database as if it is any other database. The 
closest you should get to manual changes to it is 'slapadd', just like hdb or 
bdb etc.

You should just have been able to ldapadd the ldif file. And it wouldn't have 
required a restart.

For example, in Mandriva we ship pre-converted ldif schema files, that can 
just be ldapadd'ed.

http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap-extra-schemas/current/SOURCES/

(viewvc seems to have changed, you used to be able to download the files raw 
before, which made this more useful)

Yes, for this package I do manually remove the ordering from the DN/naming 
attribute, purely to allow easy post-initial-configuration addition.

Regards,
Buchan
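
The "further processing" discussed in this thread, as an added example that is not part of the original messages or of any package mentioned in them: it turns the slaptest output into LDIF that ldapadd accepts by giving the entry a full DN under cn=schema,cn=config, removing the {N} ordering prefix from the DN and naming attribute, and dropping the operational attributes slapd maintains itself. The function names and the sample entry (including its OID) are constructed for illustration, and the DN line is assumed not to be folded.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# prepare_schema_ldif FILE
# FILE is a slaptest-generated entry such as
#   config/cn=config/cn=schema/cn={4}sirius-custom.ldif
# The ldapadd-ready LDIF is written to stdout.
prepare_schema_ldif() {
    awk '
    # Folded continuation line: shares the fate of the line it continues.
    /^ / { if (!skip) print; next }
    { skip = 0 }
    # Drop comments and the operational attributes that slapd sets itself.
    /^#/ || /^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/ { skip = 1; next }
    # Relative DN -> full DN, without the {N} ordering prefix.
    /^dn: cn=/ {
        sub(/^dn: cn=([{][0-9]+[}])?/, "dn: cn=")
        if ($0 !~ /,cn=schema,cn=config$/) $0 = $0 ",cn=schema,cn=config"
        print; next
    }
    # Naming attribute: strip the same prefix so slapd assigns the next index.
    /^cn: / { sub(/^cn: [{][0-9]+[}]/, "cn: "); print; next }
    { print }
    ' "$1"
}

# Constructed sample of what slaptest -F writes (placeholder OID and values).
sample_slaptest_output() {
    cat <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
dn: cn={4}sirius-custom
objectClass: olcSchemaConfig
cn: {4}sirius-custom
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'siriusExample' DESC 'const
 ructed sample attribute' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115
 .121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20110629120000Z
entryCSN: 20110629120000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110629120000Z
EOF
}
```

The resulting file can be loaded with ldapadd by an identity that has write access to cn=config; the {N} prefixes on the olcAttributeTypes and olcObjectClasses values are left in place because they order values inside the entry, not the entry itself.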