Re: Proper way to configure custom schemas
This is exactly the problem I was having: OpenLDAP is returning an error
and still doing the modification; it looks a lot like a bug.
See the log attached.
(This is on Debian wheezy with slapd 2.4.31-1+nmu2)
Côme
On 2014-02-07 15:55, Nerijus Kislauskas wrote:
Hi,
What is a proper set of actions to add attribute via cn=config to custom
schema, also add attribute to custom objectclass?
My way:
1. Add attribute
2. Delete old objectClass definition
3. Add new objectClass with new attribute included
What if I have 100 objectClasses, and want to replace only 1?
I am having trouble doing this on Debian wheezy, slapd 2.4.31.
My test.ldif:
------------------------------------------
dn: cn={8}ktuEduPerson,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( ktuAttributeType:36 NAME 'macaroni'
  DESC 'LDAP attribute for macaroni' EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
------------------------------------------
Let's add the attribute:
$ ldapmodify ... -f test.ldif
Enter LDAP Password:
modifying entry "cn={8}ktuEduPerson,cn=schema,cn=config"
ldap_modify: No such object (32)
$
Ooops, something went wrong, but cn=config sees this attribute:
$ ldapsearch ... "cn={8}ktuEduPerson,cn=schema,cn=config" | grep macaroni
Enter LDAP Password:
olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP
...
$
But in case of VM/slapd restart, my macaroni attribute will be gone:
$ sudo grep -iR macaroni /etc/ldap/slapd.d/
$
Access rights of process and config files are ok. Changing, let's say,
olcLogLevel works fine, config is synced.
Am I the only one in the world facing this problem? Or should I file a
69th bug on slapd in Debian? Is the slapd package usable in Debian for
something bigger than kindergarten? And yes, I know about "Why is using
the OpenLDAP server from a Linux distribution not recommended?".
Script started on mar 21 Jan 2014 10:32:23 +0100
# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn={11}service-fd,cn=schema,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn={11}service-fd,cn=schema,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# {11}service-fd, schema, config
dn: cn={11}service-fd,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {11}service-fd
cn: service-fd
olcAttributeTypes: {0}(1.3.6.1.4.1.10098.1.1.9.1 NAME 'test1' DESC 'This is te
st 1' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
VALUE)
olcObjectClasses: {0}(1.3.6.1.4.1.10098.1.2.1.16 NAME 'class1' SUP top AUXILIA
RY DESC 'This is class1' MUST ( cn $ test1 ))
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
# cat file.ldif
dn: cn={11}service-fd,cn=schema,cn=config
changetype: modify
replace: olcAttributeTypes
olcAttributeTypes: (1.3.6.1.4.1.10098.1.1.9.1 NAME 'test2' DESC 'This is test 2' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
-
replace: olcObjectClasses
olcObjectClasses: (1.3.6.1.4.1.10098.1.2.1.16 NAME 'class2' SUP top AUXILIARY DESC 'This is class2' MUST ( cn $ test2 ))
# ldapmodify -S /tmp/log -Y EXTERNAL -H ldapi:/// -f file.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn={11}service-fd,cn=schema,cn=config"
ldap_modify: No such object (32)
# cat /tmp/log
# Error: No such object (32)
dn: cn={11}service-fd,cn=schema,cn=config
changetype: modify
replace: olcAttributeTypes
olcAttributeTypes: (1.3.6.1.4.1.10098.1.1.9.1 NAME 'test2' DESC 'This is test 2' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
-
replace: olcObjectClasses
olcObjectClasses: (1.3.6.1.4.1.10098.1.2.1.16 NAME 'class2' SUP top AUXILIARY DESC 'This is class2' MUST ( cn $ test2 ))
# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn={11}service-fd,cn=schema,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn={11}service-fd,cn=schema,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# {11}service-fd, schema, config
dn: cn={11}service-fd,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {11}service-fd
cn: service-fd
olcAttributeTypes: {0}(1.3.6.1.4.1.10098.1.1.9.1 NAME 'test2' DESC 'This is te
st 2' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
VALUE)
olcObjectClasses: {0}(1.3.6.1.4.1.10098.1.2.1.16 NAME 'class2' SUP top AUXILIA
RY DESC 'This is class2' MUST ( cn $ test2 ))
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Script done on mar 21 Jan 2014 10:33:21 +0100
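
The symptom in this thread is that the running cn=config and the files under slapd.d disagree after a modify that returned an error. The script below is an added example, not part of the original messages or of OpenLDAP: it compares the schema element names in saved ldapsearch output with those in an on-disk LDIF file and prints the ones that would be lost on restart. The function names, file names and the 'spaghetti' attribute are constructed for illustration.

```shell
# Added example (not from the thread): list schema element names that slapd
# returns from the running cn=config but that are absent from the on-disk LDIF.

# Print the NAME of each olcAttributeTypes/olcObjectClasses value in file $1.
# LDIF folds long lines; a line starting with one space continues the previous.
# Assumes plain-text (not base64 "::") values and takes the first NAME only.
schema_names() {
    awk -v q="'" '
        function emit(line) {
            if (line ~ /^olc(AttributeTypes|ObjectClasses): / &&
                match(line, "NAME " q "[^" q "]*" q))
                print substr(line, RSTART + 6, RLENGTH - 7)
        }
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation
             { emit(buf); buf = $0 }
        END  { emit(buf) }
    ' "$1" | LC_ALL=C sort -u
}

# Names present in the live search output ($1) but missing on disk ($2).
unpersisted() {
    live_names=$(mktemp); disk_names=$(mktemp)
    schema_names "$1" > "$live_names"
    schema_names "$2" > "$disk_names"
    LC_ALL=C comm -23 "$live_names" "$disk_names"
    rm -f "$live_names" "$disk_names"
}

# Constructed sample data modelled on the thread: 'macaroni' is served live
# (folded mid-name on purpose) but was never written to slapd.d.
write_samples() {
    cat > "$1/live.ldif" <<'EOF'
dn: cn={8}ktuEduPerson,cn=schema,cn=config
olcAttributeTypes: {40}( ktuAttributeType:35 NAME 'spaghetti' DESC 'construct
 ed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'maca
 roni' DESC 'LDAP attribute for macaroni' )
EOF
    cat > "$1/disk.ldif" <<'EOF'
dn: cn={8}ktuEduPerson
olcAttributeTypes: {40}( ktuAttributeType:35 NAME 'spaghetti' DESC 'construct
 ed sample' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
unpersisted "$demo_dir/live.ldif" "$demo_dir/disk.ldif"   # prints: macaroni
rm -rf "$demo_dir"
```

Against a real server, the first argument would be saved ldapsearch output for the schema entry and the second the matching file under /etc/ldap/slapd.d/. Any name it prints exists only in memory, so it is worth running after every schema change that reports an error.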