Hello,
Is it possible to change schema definitions on OpenLDAP servers without recreating the backend?
Background: We have an LDAP server (or multiple replicated LDAP servers) and have a certain attribute in the schema definition that is currently defined as "single value". It's the MAC address for clients used for X802.1 auth. The attribute is part of the user object used for logins. Now it's possible that users have multiple MAC addresses. We want to add multiple MAC addresses to that list, so we must change the attribute type from single to multiple values (sorry, I don't know the exact name of the definition statement).
Would this be possible by doing the following:
- stop LDAP slave server
- change schema definition for MAC address attribute from single to multivalue
- start LDAP slave again

- stop LDAP master
- change schema definition for MAC address attribute from single to multivalue
- start LDAP master
Is changing the schema definition generally possible for changes other than singlevalue->multivalue, e.g. adding another attribute or modifying other things?
Looking forward to any feedback,
Robert Heinzmann
------------------------------------------------------------------------
COMPUTER CONCEPT
CC Computersysteme und Kommunikationstechnik GmbH
Robert Heinzmann
Wiener Str. 114 - 116
01219 Dresden
Email: heinzmann@cc-dresden.de
Phone: +49 (0)351/8 76 92-0
Fax: +49 (0)351/8 76 92-99
Internet: http://www.cc-dresden.de
------------------------------------------------------------------------
--On Friday, January 05, 2007 1:43 PM +0100 "Heinzmann, Robert" Heinzmann@cc-dresden.de wrote:
> Hello,
> Is it possible to change schema definitions on OpenLDAP servers without recreating the backend?
> Background: We have an LDAP server (or multiple replicated LDAP servers) and have a certain attribute in the schema definition that is currently defined as "single value". It's the MAC address for clients used for X802.1 auth. The attribute is part of the user object used for logins. Now it's possible that users have multiple MAC addresses. We want to add multiple MAC addresses to that list, so we must change the attribute type from single to multiple values (sorry, I don't know the exact name of the definition statement).
> Would this be possible by doing the following:
> - stop LDAP slave server
> - change schema definition for MAC address attribute from single to multivalue
> - start LDAP slave again
>
> - stop LDAP master
> - change schema definition for MAC address attribute from single to multivalue
> - start LDAP master
That looks fine.
> Is changing the schema definition generally possible for changes other than singlevalue->multivalue, e.g. adding another attribute or modifying other things?
It depends on what the change is. Adding new attributes you can generally do, or deleting them, if they are not required by an objectClass. Changing data types, and the objectClass type (aux vs structural), etc, isn't generally going to fly.
I'll note that in 2.4, you will be able to change the schema on the fly (i.e., no server restarts) if you use back-config. There is some limited support for this already in 2.3.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
At 04:43 AM 1/5/2007, Heinzmann, Robert wrote:
> Hello,
> Is it possible to change schema definitions on OpenLDAP servers without recreating the backend?
The general answer is: it depends. It depends on the precise change being made, the version of software being used, and could possibly depend on configuration details (such as which backends are being used).
> Background: We have an LDAP server (or multiple replicated LDAP servers) and have a certain attribute in the schema definition that is currently defined as "single value". It's the MAC address for clients used for X802.1 auth. The attribute is part of the user object used for logins. Now it's possible that users have multiple MAC addresses. We want to add multiple MAC addresses to that list, so we must change the attribute type from single to multiple values (sorry, I don't know the exact name of the definition statement).
> Would this be possible by doing the following:
> - stop LDAP slave server
> - change schema definition for MAC address attribute from single to multivalue
> - start LDAP slave again
>
> - stop LDAP master
> - change schema definition for MAC address attribute from single to multivalue
> - start LDAP master
Ignoring impact to other software (which is something for discussion elsewhere, e.g., on a general LDAP list), with the current release, database backends, and overlays, removing a single-valued constraint is, I believe, possible without reloading the database. Whether it is possible with future releases, backends, and/or overlays is, well, another matter.
> Is changing the schema definition generally possible for changes other than singlevalue->multivalue, e.g. adding another attribute or modifying other things?
I would say it's generally not possible. That is, unless you know it's okay with the particular software/configuration you have, you should assume it's not okay.
-- Kurt
openldap-software@openldap.org
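The keyword the original poster was looking for is `SINGLE-VALUE` in the attribute type definition. The following is an added example, not code from the thread or from OpenLDAP: it compares an old and a new definition before a rollout and labels each difference using the guidance in the two replies. The attribute name `exampleMacAddress`, the OID under `1.3.6.1.4.1.99999`, and the labels `ok-per-thread` and `assume-unsafe` are assumptions made for illustration.

```python
import re

# Constructed sample: hypothetical attribute name and placeholder OID, not from the thread.
OLD = """attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleMacAddress'
    DESC 'Client MAC address for network login'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )"""
NEW = OLD.replace(" SINGLE-VALUE", "")  # the edit the poster proposes


def parse_attributetype(text):
    """Pull out the fields a schema-change review needs from one definition."""
    body = " ".join(text.split())
    m = re.match(r"attributetype \( (\S+) (.*) \)$", body)
    if not m:
        raise ValueError("not an attributetype definition")
    oid, rest = m.groups()
    rest = re.sub(r"DESC '[^']*'", "", rest)  # free text must not match keywords

    def field(key):
        hit = re.search(r"(?<!\S)%s ('[^']*'|\S+)" % key, rest)
        return hit.group(1).strip("'") if hit else None

    return {"oid": oid, "name": field("NAME"), "syntax": field("SYNTAX"),
            "equality": field("EQUALITY"),
            "single": re.search(r"(?<!\S)SINGLE-VALUE(?!\S)", rest) is not None}


def classify(old_def, new_def):
    """Label each difference; anything the replies did not approve is assume-unsafe."""
    old, new = parse_attributetype(old_def), parse_attributetype(new_def)
    if old["oid"] != new["oid"]:
        raise ValueError("definitions describe different attributes")
    findings = []
    if old["syntax"] != new["syntax"] or old["equality"] != new["equality"]:
        findings.append(("assume-unsafe", "data type or matching rule changed"))
    if old["single"] and not new["single"]:
        findings.append(("ok-per-thread", "SINGLE-VALUE constraint removed"))
    if new["single"] and not old["single"]:
        findings.append(("assume-unsafe", "SINGLE-VALUE constraint added"))
    return findings


if __name__ == "__main__":
    for label, reason in classify(OLD, NEW):
        print(label, "-", reason)
```

Run the same comparison against the schema file on every replica so that master and slaves end up with identical definitions after the restart sequence.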