Hi,
I've done this frequently - just create an LDIF file for ldapmodify which adds the new attribute type and replaces the object class definition. There's no need to delete the object class and add it again in my experience.
Chris
Date: Fri, 7 Feb 2014 16:55:03 +0200 From: nerijus.kislauskas@ktu.lt To: openldap-technical@openldap.org Subject: Proper way to configure custom schemas
Hi,
What is a proper set of actions to add attribute via cn=config to custom schema, also add attribute to custom objectclass?
My way:
- Add attribute
- Delete old objectlass definition
- Add new objectClass with new attribute included
What if I have 100 objectClasses, and want replace only 1? I am in trouble to do this on Debian wheezy, slapd 2.4.31.
My test.ldif:
dn: cn={8}ktuEduPerson,cn=schema,cn=config changetype: modify add: olcAttributeTypes olcAttributeTypes: ( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP attribute for macaroni' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Let's add the attribute:
$ ldapmodify ... -f test.ldif Enter LDAP Password: modifying entry "cn={8}ktuEduPerson,cn=schema,cn=config" ldap_modify: No such object (32)
$
Ooops, something went wrong, but cn=config sees this attribute:
$ ldapsearch ... "cn={8}ktuEduPerson,cn=schema,cn=config" | grep macaroni Enter LDAP Password: olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP ... $
But in case of VM/slapd restart, my macaroni attribute will be gone:
$ sudo grep -iR macaroni /etc/ldap/slapd.d/ $
Access rights of process and config files are ok. Changing lets say olcLogLevel works fine, config is synced.
Am I the only one in the world facing this problem? Or I should fill 69th bug on slapd in Debian? Is slapd package usable in Debian for something bigger than kindergarden? And yes, I know about "Why is using the OpenLDAP server from a Linux distribution not recommended?". -- Sincerely, Nerijus Kislauskas KTU ITD, Litnet valdymo centras Studentu g. 48a - 101, Kaunas tel.: (8~37) 30 06 45 mob. tel.: 8-614-93889 e-mail.: nerijus.kislauskas@ktu.lt