Hi,
On 9/25/19 6:20 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 25, 2019 6:57 PM +0200 Michael Ströder michael@stroeder.com wrote:
IIRC back-mdb needs export / re-import to make the OID change.
Why would back-mdb require an export/import for an OID change in the schema? OpenLDAP does not store the OID internally in the binary databases.
Thanks for the replies, but the database backend is "hdb".
The attributes in question were placed in the nis schema cn={3}nis,cn=schema,cn=config: --- {25}( 1.3.6.1.1.1.1.28 NAME 'groupMemberShip' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) {26}( 1.3.6.1.1.1.1.29 NAME 'apple-generateduid' DESC 'generated unique ID' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) ---
I have moved these attributes via ldapmodify with this ldif:
--- dn: cn={3}nis,cn=schema,cn=config changetype: modify replace: olcAttributeTypes olcAttributeTypes: #...copy off all schema attributes but the two I want to move...#
dn: cn={5}kerio-mail-server,cn=schema,cn=config changetype: modify add: olcAttributeTypes olcAttributeTypes: {15}(1.3.6.1.4.1.10311.1.2.2.29 NAME 'groupMemberShip' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) olcAttributeTypes: {16}(1.3.6.1.4.1.10311.1.2.2.30 NAME 'apple-generateduid' DESC 'generated unique ID' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) ---
But after that the existing groupMemberShip attributes were purged from the user objects. We use VMs and I have done snapshots before this change, so I could roll back.
Did I move the attributes the wrong way?
Kind regards, Tobias