--On Friday, January 05, 2007 1:43 PM +0100 "Heinzmann, Robert" Heinzmann@cc-dresden.de wrote:
Hello,
is it possible to change Schema definitions on openldap servers without recreating the backend ?
Background: We have a ldap server (or multiple replicated LDAP servers) and have a certain attribute in the schema defitnion that is currently defined as "single value". It's the MAC address for clients used for X802.1 auth. The attribute is part oif the user object used for logins. Now it's possible, that users have multiple MAC addresses. We want to add multiple MAC addresses to that list, so we must chnage the attribute type from single to multiple values (sorry, I don't know the exact name of the defintion statement).
Would this be possible by doing the following:
stop ldap slave server change schema defintion for MAC address attribute from single to multivalue Start ldap slave again
stop ldap master change schema defintion for MAC address attribute from single to multivalue Start ldap master
That looks fine.
Is changing the schema definion generally possible for changes other then singlevalue->multivalue - e.g. add another attribute or modify other things ?
It depends on what the change is. Adding new attributes you can generally do, or deleting them, if they are not required by an objectClass. Changing data types, and the objectClass type (aux vs structural), etc, isn't generally going to fly.
I'll note that in 2.4, you will be able to change the schema on the fly (i.e., no server restarts) if you use back-config. There is some limited support for this already in 2.3.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html