On Wednesday, 29 June 2011 16:15:54 Daniel Qian wrote:
On 11-06-29 9:26 AM, Mark Cave-Ayland wrote:
On 29/06/11 12:59, Howard Chu wrote:
Thanks for the response - this makes a bit more sense now. Just to clarify another point: when you generate schemaConvert.conf, I guess that you need to include *all* schemas in your current cn=config matching the existing order, as well as the new one you are trying to add?
Obviously the config file has to be valid; any schema that the ones you're converting depend on must be loaded.
I understand that part; however when installing the packages for Debian Squeeze the post-installation process preloads the following schemas into cn=schema,cn=config:
{0}core {1}cosine {2}nis {3}inetorgperson
So what I wanted to verify was that if I want to add a new sirius-custom.schema file into the directory I would need to set up schemaConvert.conf to look like this:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/sirius-custom.schema
The previous entries are required to ensure that the sirius-custom.schema LDIF would be generated as {4}sirius-custom ready for using ldapadd to load into the directory.
However when I then run:
mkdir config && slaptest -f slapd.conf.tmp -F config
Then I get my {4}sirius-custom.ldif but the top lines look like this:
dn: cn={4}sirius-custom
...
cn: {4}sirius-custom
...which then means I still can't add it directly using ldapadd without further processing.
Not sure if it is the same on Debian but on Fedora I only copied the "workplace" output schema file (autofs.schema in my case) to /etc/openldap/slapd.d/cn=config/cn=schema/ without modifying anything. I restarted slapd after that and everything worked for me. Surprisingly easy although I had to do a restart.
But, this isn't how it is intended to be used, and gets you into bad habits. You should treat the config database as if it is any other database. The closest you should get to manual changes to it is 'slapadd', just like hdb or bdb etc.
You should just have been able to ldapadd the ldif file. And it wouldn't have required a restart.
For example, in Mandriva we ship pre-converted ldif schema files, that can just be ldapadd'ed.
http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap-extra-schemas/current/SOURCES/
(viewvc seems to have changed, you used to be able to download the files raw before, which made this more useful)
Yes, for this package I do manually remove the ordering from the DN/naming attribute, purely to allow easy post-initial-configuration addition.
Regards, Buchan
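
The "further processing" discussed in the thread, as an added example that is not part of the original messages or of any package's tooling: a filter that turns a slaptest-generated schema file into an entry ldapadd can load under cn=schema,cn=config. The function names, the sample entry and its placeholder OID are constructed; it assumes the file holds a single entry with a relative DN, as quoted above, and it also drops the operational attributes slaptest writes, a step the thread does not mention.

```shell
#!/bin/sh
# Added example: prepare a slaptest-generated schema LDIF for ldapadd.

# Reads LDIF on stdin, writes the cleaned entry on stdout.
schema_ldif_for_ldapadd() {
    awk '
        function emit() {
            if (!have) return
            have = 0
            if (buf ~ /^#/) return                    # comment lines
            # Operational attributes are maintained by slapd; ldapadd rejects them.
            if (buf ~ /^(structuralObjectClass|entryUUID|entryCSN|creatorsName|createTimestamp|modifiersName|modifyTimestamp):/) return
            if (buf ~ /^dn: /) {
                # Remove the {N} ordering prefix so slapd assigns the next index.
                sub(/^dn: cn=[{][0-9]+[}]/, "dn: cn=", buf)
                # Assumption: the file holds an RDN only, as in the thread.
                if (buf !~ /,cn=schema,cn=config$/) buf = buf ",cn=schema,cn=config"
            }
            sub(/^cn: [{][0-9]+[}]/, "cn: ", buf)
            print buf
        }
        /^ / { buf = buf substr($0, 2); next }        # unfold continuation line
        { emit(); buf = $0; have = 1 }
        END { emit() }
    '
}

# Constructed sample in the shape of config/cn=config/cn=schema/cn={4}sirius-custom.ldif
sample_ldif() {
    cat <<'EOF'
# constructed sample, not real slaptest output
dn: cn={4}sirius-custom
objectClass: olcSchemaConfig
cn: {4}sirius-custom
olcAttributeTypes: {0}( 1.1.2.1.1 NAME 'siriusExample' DESC 'con
 structed attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20110629000000Z
entryCSN: 20110629000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110629000000Z
EOF
}

sample_ldif | schema_ldif_for_ldapadd
```

The resulting entry is what gets passed to ldapadd, bound as an identity that is allowed to write to cn=config.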