https://bugs.openldap.org/show_bug.cgi?id=10256
Issue ID: 10256
Summary: Custom attribute disappears after slapd restart
Product: OpenLDAP
Version: 2.4.57
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: backends
Assignee: bugs@openldap.org
Reporter: heinrich.blatt@googlemail.com
Target Milestone: ---
Hi,
I want to use a custom attribute in my schema. I use that ldif:

dn: cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( 1.2.840.113556.1.4.7000 NAME 'rfidtoken' DESC 'RFID Token' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

This I inject via ldapmodify. For the session it works, but after restarting slapd the attribute disappears. If I add it again via ldapmodify it is there for the session again. My /etc/ldap/slapd.d/cn=config/cn=schema.ldif contains the change.
This seems related to #9066, however the documentation indicates that I can make the changes via ldapmodify persistent.
What is the right approach there? What can I do to persist the change?
Thanks in advance for support
Howard Chu hyc@openldap.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Resolution|---         |INVALID
Status    |UNCONFIRMED |RESOLVED
--- Comment #1 from Howard Chu hyc@openldap.org ---
The ITS is for bug reports, not software usage questions. Use the openldap-technical mailing list for such questions.
As the doc says https://openldap.org/doc/admin26/slapdconf2.html#cn=schema
the cn=schema,cn=config entry is for slapd's hardcoded schema. User schema must be loaded in child entries of this entry.
Closing this ticket.
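Added example, not part of the ticket or of the OpenLDAP documentation: the reporter's attribute definition loaded the way comment #1 describes, as a child entry of cn=schema,cn=config. The entry name cn=rfidtoken is an assumption; the attribute definition is copied from the report.

```ldif
# User schema goes in its own olcSchemaConfig entry below cn=schema,cn=config,
# not in the cn=schema,cn=config entry itself (that one holds slapd's
# hardcoded schema).
# Assumption: "rfidtoken" as the entry name; any unused cn works.
dn: cn=rfidtoken,cn=schema,cn=config
changetype: add
objectClass: olcSchemaConfig
cn: rfidtoken
olcAttributeTypes: ( 1.2.840.113556.1.4.7000 NAME 'rfidtoken'
  DESC 'RFID Token'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
```

Because the record carries changetype: add, it can be sent with ldapmodify as in the report; slapd stores the new entry with an ordering prefix, for example cn={N}rfidtoken.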
--- Comment #2 from com23omega heinrich.blatt@googlemail.com ---
I see. But isn't that then still a weakness in the software to allow such feature changes? Hence, shouldn't this issue be a feature request to prevent users from modifying the cn=schema,cn=config entry? It is very easy to misuse and a lot of internet resources are recommending such an approach.
Howard Chu hyc@openldap.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Resolution|INVALID     |TEST
--- Comment #3 from Howard Chu hyc@openldap.org ---
(In reply to com23omega from comment #2)
> I see. But isn't that then still a weakness in the software to allow such feature changes? Hence, shouldn't this issue be a feature request to prevent users from modifying the cn=schema,cn=config entry?

Fair enough. Fixed in 5e9d550c2e00a9e286f337acfc21bcb9de3fed50

> It is very easy to misuse and a lot of internet resources are recommending such an approach.

Yet another reason why we always tell users to only read the official documentation. It's the only doc that's been vetted and correct.
People are always welcome to write more documentation for the features and workloads they've encountered. Such docs should be submitted to the Project so they can be reviewed and included in subsequent releases.
--- Comment #4 from com23omega heinrich.blatt@googlemail.com ---
That's great.
Thank you for the clarification and for the quick change.
Thanks also to the complete openldap team for that great piece of software!
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed      |Added
----------------------------------------------------------------------------
Target Milestone|---          |2.6.9
Keywords        |needs_review |
Quanah Gibson-Mount quanah@openldap.org changed:
What    |Removed            |Added
----------------------------------------------------------------------------
Assignee|bugs@openldap.org  |hyc@openldap.org
Quanah Gibson-Mount quanah@openldap.org changed:
What      |Removed |Added
----------------------------------------------------------------------------
Resolution|TEST    |FIXED
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org ---
RE26:
• bec0946c by Howard Chu at 2024-10-04T22:00:01+00:00 ITS#10256 cn=config: reject modify requests on cn=schema,cn=config
Quanah Gibson-Mount quanah@openldap.org changed:
What  |Removed  |Added
----------------------------------------------------------------------------
Status|RESOLVED |VERIFIED