Jimmy Liang wrote:
> I've read that OpenLDAP supports runtime schema modifications but I can't figure out the extensiveness of this feature. On Sun's page (http://java.sun.com/products/jndi/tutorial/ldap/schema/object.html under the header "Adding a New Object Class") it's telling me that OpenLDAP does not support this kind of modification.
That page is half right. OpenLDAP does not allow direct modification of the subschema subentry. In OpenLDAP 2.3 you can add new schema elements by adding them under the "cn=schema,cn=config" branch (but you cannot modify existing schema). In OpenLDAP 2.4 you can add/delete/modify schema using cn=config.
> When I try the code on that page, I run into
> Exception in thread "main" javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClasses: value #0 invalid per syntax]; remaining name ''
It appears that your request contained invalid data. This check occurs pretty early, before the server even checks whether you're able to make the change.
> Does OpenLDAP allow programmatic (hopefully but necessarily Java) schema changes at runtime?
Yes, but you have to provide valid data first.
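
The following LDIF is an added example, not part of the original message: it shows the shape of a new schema entry added under the "cn=schema,cn=config" branch described above. The schema name, the OIDs under the 1.1 experimental arc, and the attribute and object class names are constructed placeholders.

```ldif
# Added example: a new schema entry under cn=schema,cn=config.
# All names and OIDs below are constructed placeholders.
dn: cn=example,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: example
# Each value must be a complete, parenthesised description. A value that
# does not parse is rejected with LDAP result code 21 (invalid attribute
# syntax), which is the code reported in the exception quoted above.
olcAttributeTypes: ( 1.1.2.1.1 NAME 'x-example-label'
  DESC 'constructed example attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: ( 1.1.2.2.1 NAME 'x-example-object'
  DESC 'constructed example object class'
  SUP top AUXILIARY
  MAY x-example-label )
```

Write access to cn=config is equivalent to control over the server's configuration, so it should be restricted to an administrative identity.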