I need to update one of our internal LDAP schemas, but am not sure of the best process to use. Haven't managed to find any info on this, especially using the newer cn=config configuration stuff. Using the latest Ubuntu Intrepid OpenLDAP version (2.4.11)
I've tried deleting the schema, but keep getting a "server won't allow" error. Deleting all my LDAP entries doesn't help that. It seems that once you have a schema defined you can't delete it using a GUI tool like Luma nor using LDIF directives with OpenLDAP running.
Do I just shut down my LDAP server, and delete the entry in the cn=config directory, then re-install the new schema version?
What about any entries that depend on the schema? Will they be affected...that is, do I need to delete them all and re-add them? I guess if I knew when a schema is actually used (eg. only at add/modify times....or are there links to from the entries that are used at other times?) it would help?
Thanks for the advice...
--On Wednesday, December 10, 2008 9:45 AM -0500 Andrzej Jan Taramina andrzej@chaeron.com wrote:
> What about any entries that depend on the schema? Will they be affected...that is, do I need to delete them all and re-add them? I guess if I knew when a schema is actually used (eg. only at add/modify times....or are there links to from the entries that are used at other times?) it would help?
> Thanks for the advice...
There's a whole host of issues around schema with cn=config that's not really addressed right now. What if a core schema element changes due to some RFC, and that's updated in a future OpenLDAP release? How do the cn=config-based LDAP servers update that schema? etc.
What I do, after raising this issue with other OpenLDAP developers, is copy in the schema files shipped with the release (after stopping slapd). I do this for Zimbra's private schema (which changes regularly) as well.
As you wondered, this could be problematic if there are schema changes that are not compatible with your existing entries.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Andrzej Jan Taramina wrote:
> I need to update one of our internal LDAP schemas, but am not sure of the best process to use. Haven't managed to find any info on this, especially using the newer cn=config configuration stuff. Using the latest Ubuntu Intrepid OpenLDAP version (2.4.11)
> I've tried deleting the schema, but keep getting a "server won't allow" error. Deleting all my LDAP entries doesn't help that. It seems that once you have a schema defined you can't delete it using a GUI tool like Luma nor using LDIF directives with OpenLDAP running.
> Do I just shut down my LDAP server, and delete the entry in the cn=config directory, then re-install the new schema version?
This was just discussed on -technical as well. You can delete individual schema elements using ldapmodify. You cannot delete entire cn=config entries (using ldapdelete). There are no plans to change this behavior for schema in the future.
> What about any entries that depend on the schema? Will they be affected...
The answer is "it depends"...
In general, once you start using a schema, you're stuck with it. (Which is one reason why ldapdelete for schema entries will never be implemented.) You can fine tune individual elements of it (alter definitions, add/remove definitions), but there are issues that are still being worked on. See ITS#5540 for one of the problems still in progress.
> that is, do I need to delete them all and re-add them? I guess if I knew when a schema is actually used (eg. only at add/modify times....or are there links to from the entries that are used at other times?) it would help? Thanks for the advice...
openldap-software@openldap.org
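A pre-flight check for the compatibility concern raised in the thread, as an added example that is not code from any of the posters or from OpenLDAP: it compares the names defined by an old and a new schema entry and lists exported entries that still use a name the new schema drops. The schema, OIDs, entries and function names are constructed for illustration, and the check covers only removed definitions, not changed MUST/MAY rules or syntaxes.

```python
import re

# Constructed sample data (not from the thread): a private schema before and
# after an update, and a trimmed slapcat-style export. OIDs are placeholders.
OLD_SCHEMA = """\
olcAttributeTypes: {0}( 1.1.2.1.1 NAME ( 'exDesk' 'ex
 Seat' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 1.1.2.2.1 NAME 'exStaff' SUP top AUXILIARY MAY exDesk )
"""
NEW_SCHEMA = """\
olcObjectClasses: {0}( 1.1.2.2.1 NAME 'exStaff' SUP top AUXILIARY MAY description )
"""
EXPORT = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: exStaff
exDesk: 4-117

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: exStaff
description: no desk assigned
"""

def unfold(ldif):
    return re.sub(r"\r?\n ", "", ldif)  # LDIF continuation: newline + one space

def schema_names(schema_ldif):
    """Lowercased NAMEs defined by olcAttributeTypes/olcObjectClasses values."""
    pat = r"^olc(?:AttributeTypes|ObjectClasses):.*?NAME\s+('[^']+'|\([^)]*\))"
    found = re.findall(pat, unfold(schema_ldif), re.I | re.M)
    return {n.lower() for v in found for n in re.findall(r"'([^']+)'", v)}

def entries_at_risk(old_schema, new_schema, export_ldif):
    """Map DN -> names the entry uses that only the old schema defines."""
    dropped = schema_names(old_schema) - schema_names(new_schema)
    risk = {}
    for block in re.split(r"\n\s*\n", unfold(export_ldif).strip()):
        dn, used = None, set()
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            attr = attr.split(";")[0].lower()  # ignore options such as ;binary
            if attr == "dn":
                dn = value.strip()
            elif attr == "objectclass":
                used.add(value.strip().lower())
            elif sep:
                used.add(attr)
        if dn and used & dropped:
            risk[dn] = sorted(used & dropped)
    return risk
```

Run against a real export taken while slapd is stopped, an empty result means no entry references a definition that the replacement schema removes.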