David Timber wrote:
I had to write my own schema for my application and I was struggling to figure out how to import the schema I wrote to cn=config. I had thought I was missing something until I found this.
https://gist.github.com/jaseg/8577024
Notice the name of the script. Someone had to write this because there's no tool that you can use to import schemas when the slapd is configured with cn=config. You can get away with it by using the include directive with slapd.conf. I know there's a way to do it with slaptest, but that method is just unacceptable. So, how I understood is, either you have to use slaptest to rebuild the entirety of the schema in ldif format, or you have to handcraft the schema in ldif by figuring out which {} index to start with. This is all backwards.
No. cn=config autogenerates these {} indices. This has been documented since 2007. https://openldap.org/doc/admin24/slapdconf2.html
"Some of the entries listed above have a numeric index "{X}" in their names. While most configuration settings have an inherent ordering dependency (i.e., one setting must take effect before a subsequent one may be set), LDAP databases are inherently unordered. The numeric index is used to enforce a consistent ordering in the configuration database, so that all ordering dependencies are preserved. In most cases the index does not have to be provided; it will be automatically generated based on the order in which entries are created."
slapadd and slapmodify are just cranky tools you can only use in specific cases (e.g., restoring from mdb_copy backup data). In most cases, using those tools to manipulate cn=config is near impossible.
Using slapadd to add a single schema LDIF is trivial. So is using ldapadd. cn=config is just an LDAP database, you use standard LDAP operations on it.
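The point made in the reply above, shown as an added example (not code from this thread or from the linked gist): a slapd.conf-style schema file is turned into a single cn=config entry whose DN carries no {X} index, leaving slapd to assign one when the entry is added. The function name, the schema name `myapp`, the sample schema and its placeholder OID arc are assumptions made for illustration.

```python
import re

# slapd.conf schema keyword -> attribute of an olcSchemaConfig entry
KEYWORDS = {"objectidentifier": "olcObjectIdentifier",
            "attributetype": "olcAttributeTypes",
            "objectclass": "olcObjectClasses"}

# Constructed sample schema; the 1.3.6.1.4.1.99999 arc is a placeholder.
SAMPLE = """\
# myapp.schema
objectidentifier myAppRoot 1.3.6.1.4.1.99999.1
attributetype ( myAppRoot:1 NAME 'myAppRole'
    DESC 'role within the application'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( myAppRoot:2 NAME 'myAppUser'
    SUP top AUXILIARY MAY myAppRole )
"""


def schema_to_ldif(name, schema_text):
    """Return one cn=config schema entry (LDIF) for slapd.conf-style text."""
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_-]*", name):
        raise ValueError("schema name must be a plain identifier: %r" % name)
    directives = []
    for raw in schema_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and directives:
            directives[-1] += " " + raw.strip()  # continuation line
        else:
            directives.append(raw.strip())
    lines = [
        # No {X} prefix on the RDN: slapd generates it on add.
        "dn: cn=%s,cn=schema,cn=config" % name,
        "objectClass: olcSchemaConfig",
        "cn: %s" % name,
    ]
    for d in directives:
        parts = d.split(None, 1)
        attr = KEYWORDS.get(parts[0].lower())
        if attr is None or len(parts) != 2:
            raise ValueError("unsupported directive: %r" % d)
        # Collapse whitespace so each definition is a single LDIF line.
        lines.append("%s: %s" % (attr, " ".join(parts[1].split())))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(schema_to_ldif("myapp", SAMPLE), end="")
```

The resulting file can be loaded with `ldapadd -Y EXTERNAL -H ldapi:/// -f myapp.ldif` on a server where the local root identity is authorized for cn=config (an assumption about the deployment), or offline with `slapadd -n 0 -l myapp.ldif`.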