At 04:43 AM 1/5/2007, Heinzmann, Robert wrote:
Hello,
is it possible to change Schema definitions on openldap servers without recreating the backend ?
The general answer is: it depends. It depends on the precise change is being made, the version of software being used, and couple possibly depend on configuration details (such as which backends are being used).
Background: We have a ldap server (or multiple replicated LDAP servers) and have a certain attribute in the schema defitnion that is currently defined as "single value". It's the MAC address for clients used for X802.1 auth. The attribute is part oif the user object used for logins. Now it's possible, that users have multiple MAC addresses. We want to add multiple MAC addresses to that list, so we must chnage the attribute type from single to multiple values (sorry, I don't know the exact name of the defintion statement).
Would this be possible by doing the following:
stop ldap slave server change schema defintion for MAC address attribute from single to multivalue Start ldap slave again
stop ldap master change schema defintion for MAC address attribute from single to multivalue Start ldap master
Ignoring impact to other software (which is something for discussion elsewhere, e.g., on a general LDAP list), one can, with the current release, database backends, and overlays, removing a singled-value constraint is, I believe, possible without reloading the database. Whether it possible with future releases, backends, and/or overlays is, well, another matter.
Is changing the schema definion generally possible for changes other then singlevalue->multivalue - e.g. add another attribute or modify other things ?
I would say its generally not possible. That is, unless you know its okay with the particular software/configuration you have, you should assume its not okay.
-- Kurt