
RE: Proper way to configure custom schemas



Hi,

I've done this frequently - just create an LDIF file for ldapmodify which adds the new attribute type and replaces the object class definition. There's no need to delete the object class and add it again in my experience.

Chris

> Date: Fri, 7 Feb 2014 16:55:03 +0200
> From: nerijus.kislauskas@ktu.lt
> To: openldap-technical@openldap.org
> Subject: Proper way to configure custom schemas
>
> Hi,
>
> What is a proper set of actions to add an attribute via cn=config to a custom
> schema, and also add the attribute to a custom objectclass?
>
> My way:
> 1. Add attribute
> 2. Delete old objectClass definition
> 3. Add new objectClass with new attribute included
>
> What if I have 100 objectClasses, and want to replace only 1?
> I am having trouble doing this on Debian wheezy, slapd 2.4.31.
>
> My test.ldif:
> ------------------------------------------
> dn: cn={8}ktuEduPerson,cn=schema,cn=config
> changetype: modify
> add: olcAttributeTypes
> olcAttributeTypes: ( ktuAttributeType:36 NAME 'macaroni'
>  DESC 'LDAP attribute for macaroni' EQUALITY caseIgnoreMatch
>  SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
> Let's add the attribute:
>
> $ ldapmodify ... -f test.ldif
> Enter LDAP Password:
> modifying entry "cn={8}ktuEduPerson,cn=schema,cn=config"
> ldap_modify: No such object (32)
>
> $
>
> Ooops, something went wrong, but cn=config sees this attribute:
>
> $ ldapsearch ... "cn={8}ktuEduPerson,cn=schema,cn=config" | grep macaroni
> Enter LDAP Password:
> olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP
> ...
> $
>
> But in case of VM/slapd restart, my macaroni attribute will be gone:
>
> $ sudo grep -iR macaroni /etc/ldap/slapd.d/
> $
>
> Access rights of process and config files are ok. Changing, let's say,
> olcLogLevel works fine, config is synced.
>
> Am I the only one in the world facing this problem? Or should I file a
> 69th bug on slapd in Debian? Is the slapd package usable in Debian for
> something bigger than kindergarten? And yes, I know about "Why is using
> the OpenLDAP server from a Linux distribution not recommended?".
> --
> Sincerely,
> Nerijus Kislauskas
> KTU ITD, Litnet valdymo centras
> Studentu g. 48a - 101, Kaunas
> tel.: (8~37) 30 06 45
> mob. tel.: 8-614-93889
> e-mail.: nerijus.kislauskas@ktu.lt
>
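
The single-LDIF approach described in the reply, as an added example (not code from either poster or from OpenLDAP): it builds one modify record that adds the attribute type and replaces olcObjectClasses with every existing value kept and only the target class changed. The object class values and their OIDs are constructed samples, the function names are hypothetical, and it assumes the server accepts a replace on olcObjectClasses as the reply reports.

```python
import re

def fold(line, width=76):
    """Fold one LDIF line (RFC 2849): continuation lines begin with one space."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def add_may(oc_def, attr):
    """Return the objectClass definition with attr appended to its MAY list."""
    masked = re.sub(r"'[^']*'", lambda q: "_" * len(q.group()), oc_def)  # hide quoted text
    m = re.search(r"\bMAY\s+(?:\(([^)]*)\)|([\w;-]+))", masked)
    if m is None:  # no MAY clause: add one before the final ")" (assumes no X- extensions)
        return oc_def.rstrip()[:-1].rstrip() + f" MAY {attr} )"
    names = [n.strip() for n in (m.group(1) or m.group(2)).split("$")]
    if attr not in names:
        names.append(attr)
    return oc_def[:m.start()] + "MAY ( " + " $ ".join(names) + " )" + oc_def[m.end():]

def build_modify(schema_dn, attr_def, attr_name, oc_name, current_ocs):
    """One modify: add the attribute type, replace olcObjectClasses with oc_name extended."""
    target = re.compile(r"NAME\s+(?:'%s'|\([^)]*'%s'[^)]*\))" % ((re.escape(oc_name),) * 2), re.I)
    new_ocs = [add_may(oc, attr_name) if target.search(oc) else oc for oc in current_ocs]
    if new_ocs == current_ocs:
        raise ValueError(f"{oc_name!r} not found or already allows {attr_name!r}")
    lines = [f"dn: {schema_dn}", "changetype: modify",
             "add: olcAttributeTypes", f"olcAttributeTypes: {attr_def}", "-",
             "replace: olcObjectClasses"]
    lines += [f"olcObjectClasses: {oc}" for oc in new_ocs] + ["-"]
    return "\n".join(fold(l) for l in lines) + "\n"

# DN and attribute definition as given in the quoted post.
SCHEMA_DN = "cn={8}ktuEduPerson,cn=schema,cn=config"
ATTR_DEF = ("( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP attribute for macaroni' "
            "EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch "
            "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")
# Constructed sample: current olcObjectClasses values as ldapsearch would return them.
SAMPLE_OCS = [
    "{0}( 1.3.6.1.4.1.99999.2.1 NAME 'ktuPerson' DESC 'constructed sample' "
    "SUP top AUXILIARY MAY ( ktuId $ ktuRoom ) )",
    "{1}( 1.3.6.1.4.1.99999.2.2 NAME 'ktuDevice' SUP top AUXILIARY MAY ktuId )",
]

if __name__ == "__main__":
    print(build_modify(SCHEMA_DN, ATTR_DEF, "macaroni", "ktuPerson", SAMPLE_OCS), end="")
```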