[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Loading LDAP schema files into cn=config



> zeno:/tmp# ldapadd -D 'cn=admin,dc=siriusit,dc=co,dc=uk' -f
> sirius-custom.ldif -xW
> Enter LDAP Password:
> adding new entry "cn=schema,cn=config"
> ldap_add: Constraint violation (19)
>          additional info: structuralObjectClass: no user modification
> allowed

Hi Mark,

How did you generate your schema LDIF again? It's quite easy to do it without slapcat etc.

See http://www.openldap.org/lists/openldap-software/200504/msg00195.html about above. You've got some entries
in there you shouldn't.

> I don't get much further even if I remove cn=schema,cn=config leaving
> just "dn: cn={0}sirius-custom,cn=schema,cn=config" within the output.
> 
> And also the slapcat command above always generates a {0} index for
> the
> output, so how can I alter the above command so that it omits the
> index
> so that slapd generates it automatically? And what happens if I
> accidentally add the same schema but with a different index? Does
> slapd
> consider them to be two different entries?

Just the same as any LDIF. If it's repeated/exists it will fail.

> >> Does that sound correct?
> >
> > No.
> >
> > As soon as you use the word "hack" you should realize you're doing
> > something wrong. As soon as you use the words "manually update" you
> > should realize you're doing something wrong.
> 
> I have been honest enough during this thread to admit that I felt I
> may
> have missed something obvious. But I have to point out that all of
> the
> Google searches I have done on this topic have returned posts similar
> to
> the one I pointed you to, which you are saying are wrong.
> 
> There is a lot of mis-information out there regarding cn=config but I
> at
> least I understand that I need to come to the project itself to get
> some
> answers.
> I understand your frustration here, but it will also take some effort
> on
> behalf of the project to ensure that the documentation can answer
> questions such as mine - I've been using openldap for 3 years now,
> and
> cn=config still takes some getting used to.

I think it depends on how you look at it as it's in LDIF. It's been
7 for me (2004) and it depends on how the question is asked and the prior
knowledge, which sometimes gets in the way.
 
> Once we have figured out a basic schema workflow, I am happy to
> submit a
> documentation patch to help other people such as myself in return for
> your assistance.

What would you like to see? We have a wiki now that could be more tutorial
like. The current Admin Guide covers it well, but we could break it down more
with comparison to slapd.conf on the wiki for people with less than 5 years 
experience :-)

Is there anything I can learn from the PostgreSQL docs project using your experience
and contacts?

Thanks,

Gavin.

> 
> ATB,
> 
> Mark.
> 
> --
> Mark Cave-Ayland - Senior Technical Architect
> PostgreSQL - PostGIS
> Sirius Corporation plc - control through freedom
> http://www.siriusit.co.uk
> t: +44 870 608 0063
> 
> Sirius Labs: http://www.siriusit.co.uk/labs
> 
> 

-- 
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/